IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system) (#593)

* IDEMPIERE-3101 implement OAuth2 for mail (gmail, outlook and other mail system)

WIP - initial version working on zk with google apps mail using OAuth2 Authorization Code Flow and Client Type = web application

* Enable imap reading with OAuth2 in RequestEMailProcessor
* Simplify the code - tested plain and OAuth2 can use the same methods
* Add +SCOPE parameter to AddAuthorizationForm according to IDEMPIERE-4713
* Rename the form AddAuthorizationMailForm to AddAuthorizationForm as is now more generic

* IDEMPIERE-4713
* Rename migration scripts to make it newer than IDEMPIERE-4713
* Add list of scopes attended by a credential
* Change form to accept other scopes, if no scope parameter is passed, then a list is shown, change the menu to fix the EMail scope
* Add MAuthorizationAccount.refreshAndGetAccessToken
* Add translation for messages

* make call generic oauth, avoid using specific google API

* Tests with microsoft as OAuth2 provider
* Add record for microsoft as provider
* Increase size of tokens
* Define mandatory and secure columns
* Update refresh token when it comes on the refresh call
* Revoke endpoint is optional

* Change the approach to a process instead of a form (WIP)
* Implement servlet to process the OAuth2 code

* Solve context suggestion from hengsin

* Implement the form in an automatic popup approach for running on zkwebui

* i18n - add translations for all messages that are shown to user
* on the form opted for click to avoid the problem with browsers forbidding popups
* clean spaces and tabs on line endings

* avoid logging and copy of the secure columns

* Fix problem reported by @d-ruiz about hidden NPE when SMTP Authentication is disabled

* Add writing to AD_PInstance_Para and AD_PInstance_Log the results of processing the servlet
* Control to avoid using the same authorization URL twice

org.adempiere.base-feature/model.generator.launch

@@ -31,6 +31,8 @@
     <stringAttribute key="productFile" value="/org.adempiere.server-feature/server.product"/>
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcprov@default:default"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.base-feature/packinfolder.app.launch

@@ -33,6 +33,8 @@
         <setEntry value="bcpkix@default:default"/>
         <setEntry value="bcprov@default:default"/>
         <setEntry value="com.diffplug.osgi.extension.sun.misc@default:false"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.base-feature/sign.database.build.launch

@@ -32,6 +32,8 @@
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcprov@default:default"/>
         <setEntry value="com.diffplug.osgi.extension.sun.misc@default:false"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.base-feature/synchronize-terminology.app.launch

@@ -32,6 +32,8 @@
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcprov@default:default"/>
         <setEntry value="com.diffplug.osgi.extension.sun.misc@default:false"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.base-feature/translation.app.launch

@@ -32,6 +32,8 @@
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcprov@default:default"/>
         <setEntry value="com.diffplug.osgi.extension.sun.misc@default:false"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.base.process/src/org/compiere/process/EMailTest.java

@@ -67,12 +67,12 @@ public class EMailTest extends SvrProcess
 				documentDir = ".";
 			File file = new File (documentDir);
 			if (file.exists() && file.isDirectory())
-				addLog(0, null, null, "Found Directory: " + client.getDocumentDir());
+				addLog(0, null, null, "Found Directory: " + documentDir);
 			else
-				addLog(0, null, null, "Not Found Directory: " + client.getDocumentDir());
+				addLog(0, null, null, "Not Found Directory: " + documentDir);
 		}
 		
-		return Util.isEmpty(clientTest) ? "OK" : clientTest;
+		return Util.isEmpty(clientTest) ? "OK" : ("@Error@ " + clientTest);
 	}	//	doIt
 	
 }	//	EMailTest

org.adempiere.base.process/src/org/compiere/process/RequestEMailProcessor.java

@@ -44,6 +44,7 @@ import org.compiere.util.DB;
 import org.compiere.util.EmailSrv;
 import org.compiere.util.EmailSrv.EmailContent;
 import org.compiere.util.EmailSrv.ProcessEmailHandle;
+import org.compiere.util.Msg;
 import org.compiere.util.Trx;
 
 /**
@@ -432,6 +433,7 @@ public class RequestEMailProcessor extends SvrProcess implements ProcessEmailHan
 		}
 		
 		req.saveEx(trxName);
+		addLog(req.getR_Request_ID(), null, null, Msg.parseTranslation(getCtx(), "@Added@ @R_Request_ID@ ") + req.getDocumentNo(), MRequest.Table_ID, req.getR_Request_ID());
 		
 		if (log.isLoggable(Level.INFO)) log.info("created request " + req.getR_Request_ID() + " from msg -> " + emailContent.subject);
 		
@@ -458,6 +460,7 @@ public class RequestEMailProcessor extends SvrProcess implements ProcessEmailHan
 		StringBuilder msgreq = new StringBuilder("FROM: ").append(emailContent.fromAddress.get(0)).append("\n").append(emailContent.getTextContent());
 		requp.setResult(msgreq.toString());
 		requp.saveEx(trxName);
+		addLog(requp.getR_Request_ID(), null, null, Msg.parseTranslation(getCtx(), "@Updated@ @R_Request_ID@ ") + requp.getDocumentNo(), MRequest.Table_ID, requp.getR_Request_ID());
 	}
 
 	@Override

org.adempiere.base.process/src/org/compiere/process/SendMailText.java

@@ -278,7 +278,7 @@ public class SendMailText extends SvrProcess
 		} else {
 			log.warning("FAILURE - " + to.getEMail());
 		}
-		StringBuilder msglog = new StringBuilder((OK ? "@OK@" : "@ERROR@")).append(" - ").append(to.getEMail());
+		StringBuilder msglog = new StringBuilder(Msg.parseTranslation(getCtx(), OK ? "@OK@" : "@ERROR@")).append(" - ").append(to.getEMail());
 		addLog(0, null, null, msglog.toString());
 		return Boolean.valueOf(OK);
 	}	//	sendIndividualMail

org.adempiere.base/META-INF/MANIFEST.MF

@@ -7,7 +7,15 @@ Bundle-ClassPath: .,
  lib/bsh.jar,
  lib/commons-validator.jar,
  lib/cron4j.jar,
- lib/avalon-framework-api.jar
+ lib/avalon-framework-api.jar,
+ lib/google-http-client.jar,
+ lib/google-http-client-gson.jar,
+ lib/google-oauth-client.jar,
+ lib/grpc-context.jar,
+ lib/httpclient.jar,
+ lib/httpcore.jar,
+ lib/opencensus-api.jar,
+ lib/opencensus-contrib-http-util.jar
 Export-Package: bsh,
  bsh.classpath,
  bsh.collection,
@@ -123,6 +131,8 @@ Require-Bundle: org.eclipse.equinox.app;bundle-version="0.0.0",
  org.apache.poi.poi-ooxml-schemas;bundle-version="4.1.0",
  org.apache.xmlbeans;bundle-version="3.1.0",
  org.jfree.chart;bundle-version="1.0.19",
- org.jfree.jcommon;bundle-version="1.0.23"
+ org.jfree.jcommon;bundle-version="1.0.23",
+ com.google.guava;bundle-version="27.1.0",
+ com.google.gson;bundle-version="2.8.2"
 Automatic-Module-Name: org.adempiere.base
 Bundle-Vendor: iDempiere Community

org.adempiere.base/build.properties

@@ -21,7 +21,15 @@ bin.includes = plugin.xml,\
                lib/avalon-framework-api.jar,\
                lib/bsh.jar,\
                lib/commons-validator.jar,\
-               lib/cron4j.jar
+               lib/cron4j.jar,\
+               lib/google-http-client.jar,\
+               lib/google-http-client-gson.jar,\
+               lib/google-oauth-client.jar,\
+               lib/grpc-context.jar,\
+               lib/httpclient.jar,\
+               lib/httpcore.jar,\
+               lib/opencensus-api.jar,\
+               lib/opencensus-contrib-http-util.jar
 src.includes = schema/
 source.. = src/
 output.. = target/classes/

org.adempiere.base/pom.xml

@@ -43,6 +43,46 @@
 									<artifactId>avalon-framework-api</artifactId>
 									<version>4.3.1</version>
 								</artifactItem>
+								<artifactItem>
+									<groupId>com.google.http-client</groupId>
+									<artifactId>google-http-client-gson</artifactId>
+									<version>1.38.1</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>com.google.http-client</groupId>
+									<artifactId>google-http-client</artifactId>
+									<version>1.38.1</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>com.google.oauth-client</groupId>
+									<artifactId>google-oauth-client</artifactId>
+									<version>1.31.4</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>io.grpc</groupId>
+									<artifactId>grpc-context</artifactId>
+									<version>1.35.0</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>io.opencensus</groupId>
+									<artifactId>opencensus-contrib-http-util</artifactId>
+									<version>0.28.3</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>io.opencensus</groupId>
+									<artifactId>opencensus-api</artifactId>
+									<version>0.28.3</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>org.apache.httpcomponents</groupId>
+									<artifactId>httpclient</artifactId>
+									<version>4.5.13</version>
+								</artifactItem>
+								<artifactItem>
+									<groupId>org.apache.httpcomponents</groupId>
+									<artifactId>httpcore</artifactId>
+									<version>4.4.14</version>
+								</artifactItem>
 							</artifactItems>
 							<outputDirectory>lib</outputDirectory>
 							<stripVersion>true</stripVersion>

org.adempiere.base/src/org/compiere/model/I_AD_AuthorizationAccount.java

@@ -0,0 +1,242 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+package org.compiere.model;
+
+import java.math.BigDecimal;
+import java.sql.Timestamp;
+import org.compiere.util.KeyNamePair;
+
+/** Generated Interface for AD_AuthorizationAccount
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2
+ */
+public interface I_AD_AuthorizationAccount 
+{
+
+    /** TableName=AD_AuthorizationAccount */
+    public static final String Table_Name = "AD_AuthorizationAccount";
+
+    /** AD_Table_ID=200272 */
+    public static final int Table_ID = 200272;
+
+    KeyNamePair Model = new KeyNamePair(Table_ID, Table_Name);
+
+    /** AccessLevel = 6 - System - Client 
+     */
+    BigDecimal accessLevel = BigDecimal.valueOf(6);
+
+    /** Load Meta Data */
+
+    /** Column name AccessToken */
+    public static final String COLUMNNAME_AccessToken = "AccessToken";
+
+	/** Set Access Token	  */
+	public void setAccessToken (String AccessToken);
+
+	/** Get Access Token	  */
+	public String getAccessToken();
+
+    /** Column name AccessTokenTimestamp */
+    public static final String COLUMNNAME_AccessTokenTimestamp = "AccessTokenTimestamp";
+
+	/** Set Access Token Timestamp	  */
+	public void setAccessTokenTimestamp (Timestamp AccessTokenTimestamp);
+
+	/** Get Access Token Timestamp	  */
+	public Timestamp getAccessTokenTimestamp();
+
+    /** Column name AD_AuthorizationAccount_ID */
+    public static final String COLUMNNAME_AD_AuthorizationAccount_ID = "AD_AuthorizationAccount_ID";
+
+	/** Set Authorization Account	  */
+	public void setAD_AuthorizationAccount_ID (int AD_AuthorizationAccount_ID);
+
+	/** Get Authorization Account	  */
+	public int getAD_AuthorizationAccount_ID();
+
+    /** Column name AD_AuthorizationAccount_UU */
+    public static final String COLUMNNAME_AD_AuthorizationAccount_UU = "AD_AuthorizationAccount_UU";
+
+	/** Set AD_AuthorizationAccount_UU	  */
+	public void setAD_AuthorizationAccount_UU (String AD_AuthorizationAccount_UU);
+
+	/** Get AD_AuthorizationAccount_UU	  */
+	public String getAD_AuthorizationAccount_UU();
+
+    /** Column name AD_AuthorizationCredential_ID */
+    public static final String COLUMNNAME_AD_AuthorizationCredential_ID = "AD_AuthorizationCredential_ID";
+
+	/** Set Authorization Credential	  */
+	public void setAD_AuthorizationCredential_ID (int AD_AuthorizationCredential_ID);
+
+	/** Get Authorization Credential	  */
+	public int getAD_AuthorizationCredential_ID();
+
+	public org.compiere.model.I_AD_AuthorizationCredential getAD_AuthorizationCredential() throws RuntimeException;
+
+    /** Column name AD_AuthorizationScope */
+    public static final String COLUMNNAME_AD_AuthorizationScope = "AD_AuthorizationScope";
+
+	/** Set Authorization Scope	  */
+	public void setAD_AuthorizationScope (String AD_AuthorizationScope);
+
+	/** Get Authorization Scope	  */
+	public String getAD_AuthorizationScope();
+
+    /** Column name AD_Client_ID */
+    public static final String COLUMNNAME_AD_Client_ID = "AD_Client_ID";
+
+	/** Get Client.
+	  * Client/Tenant for this installation.
+	  */
+	public int getAD_Client_ID();
+
+    /** Column name AD_Org_ID */
+    public static final String COLUMNNAME_AD_Org_ID = "AD_Org_ID";
+
+	/** Set Organization.
+	  * Organizational entity within client
+	  */
+	public void setAD_Org_ID (int AD_Org_ID);
+
+	/** Get Organization.
+	  * Organizational entity within client
+	  */
+	public int getAD_Org_ID();
+
+    /** Column name AD_User_ID */
+    public static final String COLUMNNAME_AD_User_ID = "AD_User_ID";
+
+	/** Set User/Contact.
+	  * User within the system - Internal or Business Partner Contact
+	  */
+	public void setAD_User_ID (int AD_User_ID);
+
+	/** Get User/Contact.
+	  * User within the system - Internal or Business Partner Contact
+	  */
+	public int getAD_User_ID();
+
+	public org.compiere.model.I_AD_User getAD_User() throws RuntimeException;
+
+    /** Column name Created */
+    public static final String COLUMNNAME_Created = "Created";
+
+	/** Get Created.
+	  * Date this record was created
+	  */
+	public Timestamp getCreated();
+
+    /** Column name CreatedBy */
+    public static final String COLUMNNAME_CreatedBy = "CreatedBy";
+
+	/** Get Created By.
+	  * User who created this records
+	  */
+	public int getCreatedBy();
+
+    /** Column name EMail */
+    public static final String COLUMNNAME_EMail = "EMail";
+
+	/** Set EMail Address.
+	  * Electronic Mail Address
+	  */
+	public void setEMail (String EMail);
+
+	/** Get EMail Address.
+	  * Electronic Mail Address
+	  */
+	public String getEMail();
+
+    /** Column name ExpireInSeconds */
+    public static final String COLUMNNAME_ExpireInSeconds = "ExpireInSeconds";
+
+	/** Set Expire in Seconds	  */
+	public void setExpireInSeconds (BigDecimal ExpireInSeconds);
+
+	/** Get Expire in Seconds	  */
+	public BigDecimal getExpireInSeconds();
+
+    /** Column name Help */
+    public static final String COLUMNNAME_Help = "Help";
+
+	/** Set Comment/Help.
+	  * Comment or Hint
+	  */
+	public void setHelp (String Help);
+
+	/** Get Comment/Help.
+	  * Comment or Hint
+	  */
+	public String getHelp();
+
+    /** Column name IsAccessRevoked */
+    public static final String COLUMNNAME_IsAccessRevoked = "IsAccessRevoked";
+
+	/** Set Access Revoked	  */
+	public void setIsAccessRevoked (boolean IsAccessRevoked);
+
+	/** Get Access Revoked	  */
+	public boolean isAccessRevoked();
+
+    /** Column name IsActive */
+    public static final String COLUMNNAME_IsActive = "IsActive";
+
+	/** Set Active.
+	  * The record is active in the system
+	  */
+	public void setIsActive (boolean IsActive);
+
+	/** Get Active.
+	  * The record is active in the system
+	  */
+	public boolean isActive();
+
+    /** Column name IsAuthorized */
+    public static final String COLUMNNAME_IsAuthorized = "IsAuthorized";
+
+	/** Set Authorized	  */
+	public void setIsAuthorized (boolean IsAuthorized);
+
+	/** Get Authorized	  */
+	public boolean isAuthorized();
+
+    /** Column name RefreshToken */
+    public static final String COLUMNNAME_RefreshToken = "RefreshToken";
+
+	/** Set Refresh Token	  */
+	public void setRefreshToken (String RefreshToken);
+
+	/** Get Refresh Token	  */
+	public String getRefreshToken();
+
+    /** Column name Updated */
+    public static final String COLUMNNAME_Updated = "Updated";
+
+	/** Get Updated.
+	  * Date this record was updated
+	  */
+	public Timestamp getUpdated();
+
+    /** Column name UpdatedBy */
+    public static final String COLUMNNAME_UpdatedBy = "UpdatedBy";
+
+	/** Get Updated By.
+	  * User who updated this records
+	  */
+	public int getUpdatedBy();
+}

org.adempiere.base/src/org/compiere/model/I_AD_AuthorizationCredential.java

@@ -0,0 +1,200 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+package org.compiere.model;
+
+import java.math.BigDecimal;
+import java.sql.Timestamp;
+import org.compiere.util.KeyNamePair;
+
+/** Generated Interface for AD_AuthorizationCredential
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2
+ */
+public interface I_AD_AuthorizationCredential 
+{
+
+    /** TableName=AD_AuthorizationCredential */
+    public static final String Table_Name = "AD_AuthorizationCredential";
+
+    /** AD_Table_ID=200271 */
+    public static final int Table_ID = 200271;
+
+    KeyNamePair Model = new KeyNamePair(Table_ID, Table_Name);
+
+    /** AccessLevel = 6 - System - Client 
+     */
+    BigDecimal accessLevel = BigDecimal.valueOf(6);
+
+    /** Load Meta Data */
+
+    /** Column name AD_AuthorizationCredential_ID */
+    public static final String COLUMNNAME_AD_AuthorizationCredential_ID = "AD_AuthorizationCredential_ID";
+
+	/** Set Authorization Credential	  */
+	public void setAD_AuthorizationCredential_ID (int AD_AuthorizationCredential_ID);
+
+	/** Get Authorization Credential	  */
+	public int getAD_AuthorizationCredential_ID();
+
+    /** Column name AD_AuthorizationCredential_UU */
+    public static final String COLUMNNAME_AD_AuthorizationCredential_UU = "AD_AuthorizationCredential_UU";
+
+	/** Set AD_AuthorizationCredential_UU	  */
+	public void setAD_AuthorizationCredential_UU (String AD_AuthorizationCredential_UU);
+
+	/** Get AD_AuthorizationCredential_UU	  */
+	public String getAD_AuthorizationCredential_UU();
+
+    /** Column name AD_AuthorizationProvider_ID */
+    public static final String COLUMNNAME_AD_AuthorizationProvider_ID = "AD_AuthorizationProvider_ID";
+
+	/** Set Authorization Provider	  */
+	public void setAD_AuthorizationProvider_ID (int AD_AuthorizationProvider_ID);
+
+	/** Get Authorization Provider	  */
+	public int getAD_AuthorizationProvider_ID();
+
+	public org.compiere.model.I_AD_AuthorizationProvider getAD_AuthorizationProvider() throws RuntimeException;
+
+    /** Column name AD_AuthorizationScopeList */
+    public static final String COLUMNNAME_AD_AuthorizationScopeList = "AD_AuthorizationScopeList";
+
+	/** Set Scope List	  */
+	public void setAD_AuthorizationScopeList (String AD_AuthorizationScopeList);
+
+	/** Get Scope List	  */
+	public String getAD_AuthorizationScopeList();
+
+    /** Column name AD_Client_ID */
+    public static final String COLUMNNAME_AD_Client_ID = "AD_Client_ID";
+
+	/** Get Client.
+	  * Client/Tenant for this installation.
+	  */
+	public int getAD_Client_ID();
+
+    /** Column name AD_Org_ID */
+    public static final String COLUMNNAME_AD_Org_ID = "AD_Org_ID";
+
+	/** Set Organization.
+	  * Organizational entity within client
+	  */
+	public void setAD_Org_ID (int AD_Org_ID);
+
+	/** Get Organization.
+	  * Organizational entity within client
+	  */
+	public int getAD_Org_ID();
+
+    /** Column name AuthorizationClientId */
+    public static final String COLUMNNAME_AuthorizationClientId = "AuthorizationClientId";
+
+	/** Set Authorization client-id	  */
+	public void setAuthorizationClientId (String AuthorizationClientId);
+
+	/** Get Authorization client-id	  */
+	public String getAuthorizationClientId();
+
+    /** Column name AuthorizationClientSecret */
+    public static final String COLUMNNAME_AuthorizationClientSecret = "AuthorizationClientSecret";
+
+	/** Set Authorization client-secret	  */
+	public void setAuthorizationClientSecret (String AuthorizationClientSecret);
+
+	/** Get Authorization client-secret	  */
+	public String getAuthorizationClientSecret();
+
+    /** Column name AuthorizationRedirectURL */
+    public static final String COLUMNNAME_AuthorizationRedirectURL = "AuthorizationRedirectURL";
+
+	/** Set Authorization Redirect URL	  */
+	public void setAuthorizationRedirectURL (String AuthorizationRedirectURL);
+
+	/** Get Authorization Redirect URL	  */
+	public String getAuthorizationRedirectURL();
+
+    /** Column name Created */
+    public static final String COLUMNNAME_Created = "Created";
+
+	/** Get Created.
+	  * Date this record was created
+	  */
+	public Timestamp getCreated();
+
+    /** Column name CreatedBy */
+    public static final String COLUMNNAME_CreatedBy = "CreatedBy";
+
+	/** Get Created By.
+	  * User who created this records
+	  */
+	public int getCreatedBy();
+
+    /** Column name Help */
+    public static final String COLUMNNAME_Help = "Help";
+
+	/** Set Comment/Help.
+	  * Comment or Hint
+	  */
+	public void setHelp (String Help);
+
+	/** Get Comment/Help.
+	  * Comment or Hint
+	  */
+	public String getHelp();
+
+    /** Column name IsActive */
+    public static final String COLUMNNAME_IsActive = "IsActive";
+
+	/** Set Active.
+	  * The record is active in the system
+	  */
+	public void setIsActive (boolean IsActive);
+
+	/** Get Active.
+	  * The record is active in the system
+	  */
+	public boolean isActive();
+
+    /** Column name Name */
+    public static final String COLUMNNAME_Name = "Name";
+
+	/** Set Name.
+	  * Alphanumeric identifier of the entity
+	  */
+	public void setName (String Name);
+
+	/** Get Name.
+	  * Alphanumeric identifier of the entity
+	  */
+	public String getName();
+
+    /** Column name Updated */
+    public static final String COLUMNNAME_Updated = "Updated";
+
+	/** Get Updated.
+	  * Date this record was updated
+	  */
+	public Timestamp getUpdated();
+
+    /** Column name UpdatedBy */
+    public static final String COLUMNNAME_UpdatedBy = "UpdatedBy";
+
+	/** Get Updated By.
+	  * User who updated this records
+	  */
+	public int getUpdatedBy();
+}

org.adempiere.base/src/org/compiere/model/I_AD_AuthorizationProvider.java

@@ -0,0 +1,202 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+package org.compiere.model;
+
+import java.math.BigDecimal;
+import java.sql.Timestamp;
+import org.compiere.util.KeyNamePair;
+
+/** Generated Interface for AD_AuthorizationProvider
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2
+ */
+public interface I_AD_AuthorizationProvider 
+{
+
+    /** TableName=AD_AuthorizationProvider */
+    public static final String Table_Name = "AD_AuthorizationProvider";
+
+    /** AD_Table_ID=200269 */
+    public static final int Table_ID = 200269;
+
+    KeyNamePair Model = new KeyNamePair(Table_ID, Table_Name);
+
+    /** AccessLevel = 6 - System - Client 
+     */
+    BigDecimal accessLevel = BigDecimal.valueOf(6);
+
+    /** Load Meta Data */
+
+    /** Column name AD_AuthorizationProvider_ID */
+    public static final String COLUMNNAME_AD_AuthorizationProvider_ID = "AD_AuthorizationProvider_ID";
+
+	/** Set Authorization Provider	  */
+	public void setAD_AuthorizationProvider_ID (int AD_AuthorizationProvider_ID);
+
+	/** Get Authorization Provider	  */
+	public int getAD_AuthorizationProvider_ID();
+
+    /** Column name AD_AuthorizationProvider_UU */
+    public static final String COLUMNNAME_AD_AuthorizationProvider_UU = "AD_AuthorizationProvider_UU";
+
+	/** Set AD_AuthorizationProvider_UU	  */
+	public void setAD_AuthorizationProvider_UU (String AD_AuthorizationProvider_UU);
+
+	/** Get AD_AuthorizationProvider_UU	  */
+	public String getAD_AuthorizationProvider_UU();
+
+    /** Column name AD_AuthorizationType */
+    public static final String COLUMNNAME_AD_AuthorizationType = "AD_AuthorizationType";
+
+	/** Set Authorization Type	  */
+	public void setAD_AuthorizationType (String AD_AuthorizationType);
+
+	/** Get Authorization Type	  */
+	public String getAD_AuthorizationType();
+
+    /** Column name AD_Client_ID */
+    public static final String COLUMNNAME_AD_Client_ID = "AD_Client_ID";
+
+	/** Get Client.
+	  * Client/Tenant for this installation.
+	  */
+	public int getAD_Client_ID();
+
+    /** Column name AD_Org_ID */
+    public static final String COLUMNNAME_AD_Org_ID = "AD_Org_ID";
+
+	/** Set Organization.
+	  * Organizational entity within client
+	  */
+	public void setAD_Org_ID (int AD_Org_ID);
+
+	/** Get Organization.
+	  * Organizational entity within client
+	  */
+	public int getAD_Org_ID();
+
+    /** Column name AuthorizationEndpoint */
+    public static final String COLUMNNAME_AuthorizationEndpoint = "AuthorizationEndpoint";
+
+	/** Set Authorization Endpoint	  */
+	public void setAuthorizationEndpoint (String AuthorizationEndpoint);
+
+	/** Get Authorization Endpoint	  */
+	public String getAuthorizationEndpoint();
+
+    /** Column name Created */
+    public static final String COLUMNNAME_Created = "Created";
+
+	/** Get Created.
+	  * Date this record was created
+	  */
+	public Timestamp getCreated();
+
+    /** Column name CreatedBy */
+    public static final String COLUMNNAME_CreatedBy = "CreatedBy";
+
+	/** Get Created By.
+	  * User who created this records
+	  */
+	public int getCreatedBy();
+
+    /** Column name Description */
+    public static final String COLUMNNAME_Description = "Description";
+
+	/** Set Description.
+	  * Optional short description of the record
+	  */
+	public void setDescription (String Description);
+
+	/** Get Description.
+	  * Optional short description of the record
+	  */
+	public String getDescription();
+
+    /** Column name Help */
+    public static final String COLUMNNAME_Help = "Help";
+
+	/** Set Comment/Help.
+	  * Comment or Hint
+	  */
+	public void setHelp (String Help);
+
+	/** Get Comment/Help.
+	  * Comment or Hint
+	  */
+	public String getHelp();
+
+    /** Column name IsActive */
+    public static final String COLUMNNAME_IsActive = "IsActive";
+
+	/** Set Active.
+	  * The record is active in the system
+	  */
+	public void setIsActive (boolean IsActive);
+
+	/** Get Active.
+	  * The record is active in the system
+	  */
+	public boolean isActive();
+
+    /** Column name Name */
+    public static final String COLUMNNAME_Name = "Name";
+
+	/** Set Name.
+	  * Alphanumeric identifier of the entity
+	  */
+	public void setName (String Name);
+
+	/** Get Name.
+	  * Alphanumeric identifier of the entity
+	  */
+	public String getName();
+
+    /** Column name RevokeEndpoint */
+    public static final String COLUMNNAME_RevokeEndpoint = "RevokeEndpoint";
+
+	/** Set Revoke Endpoint	  */
+	public void setRevokeEndpoint (String RevokeEndpoint);
+
+	/** Get Revoke Endpoint	  */
+	public String getRevokeEndpoint();
+
+    /** Column name TokenEndpoint */
+    public static final String COLUMNNAME_TokenEndpoint = "TokenEndpoint";
+
+	/** Set Token Endpoint	  */
+	public void setTokenEndpoint (String TokenEndpoint);
+
+	/** Get Token Endpoint	  */
+	public String getTokenEndpoint();
+
+    /** Column name Updated */
+    public static final String COLUMNNAME_Updated = "Updated";
+
+	/** Get Updated.
+	  * Date this record was updated
+	  */
+	public Timestamp getUpdated();
+
+    /** Column name UpdatedBy */
+    public static final String COLUMNNAME_UpdatedBy = "UpdatedBy";
+
+	/** Get Updated By.
+	  * User who updated this records
+	  */
+	public int getUpdatedBy();
+}

org.adempiere.base/src/org/compiere/model/I_AD_AuthorizationScopeProv.java

@@ -0,0 +1,156 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+package org.compiere.model;
+
+import java.math.BigDecimal;
+import java.sql.Timestamp;
+import org.compiere.util.KeyNamePair;
+
+/** Generated Interface for AD_AuthorizationScopeProv
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2
+ */
+public interface I_AD_AuthorizationScopeProv 
+{
+
+    /** TableName=AD_AuthorizationScopeProv */
+    public static final String Table_Name = "AD_AuthorizationScopeProv";
+
+    /** AD_Table_ID=200270 */
+    public static final int Table_ID = 200270;
+
+    KeyNamePair Model = new KeyNamePair(Table_ID, Table_Name);
+
+    /** AccessLevel = 6 - System - Client 
+     */
+    BigDecimal accessLevel = BigDecimal.valueOf(6);
+
+    /** Load Meta Data */
+
+    /** Column name AD_AuthorizationProvider_ID */
+    public static final String COLUMNNAME_AD_AuthorizationProvider_ID = "AD_AuthorizationProvider_ID";
+
+	/** Set Authorization Provider	  */
+	public void setAD_AuthorizationProvider_ID (int AD_AuthorizationProvider_ID);
+
+	/** Get Authorization Provider	  */
+	public int getAD_AuthorizationProvider_ID();
+
+	public org.compiere.model.I_AD_AuthorizationProvider getAD_AuthorizationProvider() throws RuntimeException;
+
+    /** Column name AD_AuthorizationScope */
+    public static final String COLUMNNAME_AD_AuthorizationScope = "AD_AuthorizationScope";
+
+	/** Set Authorization Scope	  */
+	public void setAD_AuthorizationScope (String AD_AuthorizationScope);
+
+	/** Get Authorization Scope	  */
+	public String getAD_AuthorizationScope();
+
+    /** Column name AD_AuthorizationScopeProv_ID */
+    public static final String COLUMNNAME_AD_AuthorizationScopeProv_ID = "AD_AuthorizationScopeProv_ID";
+
+	/** Set Authorization Scope Provider	  */
+	public void setAD_AuthorizationScopeProv_ID (int AD_AuthorizationScopeProv_ID);
+
+	/** Get Authorization Scope Provider	  */
+	public int getAD_AuthorizationScopeProv_ID();
+
+    /** Column name AD_AuthorizationScopeProv_UU */
+    public static final String COLUMNNAME_AD_AuthorizationScopeProv_UU = "AD_AuthorizationScopeProv_UU";
+
+	/** Set AD_AuthorizationScopeProv_UU	  */
+	public void setAD_AuthorizationScopeProv_UU (String AD_AuthorizationScopeProv_UU);
+
+	/** Get AD_AuthorizationScopeProv_UU	  */
+	public String getAD_AuthorizationScopeProv_UU();
+
+    /** Column name AD_Client_ID */
+    public static final String COLUMNNAME_AD_Client_ID = "AD_Client_ID";
+
+	/** Get Client.
+	  * Client/Tenant for this installation.
+	  */
+	public int getAD_Client_ID();
+
+    /** Column name AD_Org_ID */
+    public static final String COLUMNNAME_AD_Org_ID = "AD_Org_ID";
+
+	/** Set Organization.
+	  * Organizational entity within client
+	  */
+	public void setAD_Org_ID (int AD_Org_ID);
+
+	/** Get Organization.
+	  * Organizational entity within client
+	  */
+	public int getAD_Org_ID();
+
+    /** Column name Created */
+    public static final String COLUMNNAME_Created = "Created";
+
+	/** Get Created.
+	  * Date this record was created
+	  */
+	public Timestamp getCreated();
+
+    /** Column name CreatedBy */
+    public static final String COLUMNNAME_CreatedBy = "CreatedBy";
+
+	/** Get Created By.
+	  * User who created this records
+	  */
+	public int getCreatedBy();
+
+    /** Column name IsActive */
+    public static final String COLUMNNAME_IsActive = "IsActive";
+
+	/** Set Active.
+	  * The record is active in the system
+	  */
+	public void setIsActive (boolean IsActive);
+
+	/** Get Active.
+	  * The record is active in the system
+	  */
+	public boolean isActive();
+
+    /** Column name ScopeURL */
+    public static final String COLUMNNAME_ScopeURL = "ScopeURL";
+
+	/** Set Scope URL	  */
+	public void setScopeURL (String ScopeURL);
+
+	/** Get Scope URL	  */
+	public String getScopeURL();
+
+    /** Column name Updated */
+    public static final String COLUMNNAME_Updated = "Updated";
+
+	/** Get Updated.
+	  * Date this record was updated
+	  */
+	public Timestamp getUpdated();
+
+    /** Column name UpdatedBy */
+    public static final String COLUMNNAME_UpdatedBy = "UpdatedBy";
+
+	/** Get Updated By.
+	  * User who updated this records
+	  */
+	public int getUpdatedBy();
+}

org.adempiere.base/src/org/compiere/model/MAuthorizationAccount.java

@@ -0,0 +1,179 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Contributors:                                                       *
+ * - Carlos Ruiz (sponsored by FH)                                     *
+ **********************************************************************/
+package org.compiere.model;
+
+import java.io.IOException;
+import java.math.BigDecimal;
+import java.security.GeneralSecurityException;
+import java.sql.ResultSet;
+import java.sql.Timestamp;
+import java.util.Properties;
+
+import org.compiere.util.DB;
+import org.compiere.util.Env;
+import org.compiere.util.SecureEngine;
+
+import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
+import com.google.api.client.auth.oauth2.RefreshTokenRequest;
+import com.google.api.client.auth.oauth2.TokenResponse;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.gson.GsonFactory;
+
+/**
+ * Authorization Account
+ */
+public class MAuthorizationAccount extends X_AD_AuthorizationAccount {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -6808970904951033494L;
+
+	/**
+	 * Create empty Authorization Account
+	 *
+	 * @param ctx              context
+	 * @param AD_AuthorizationAccount_ID ID
+	 * @param trxName          transaction
+	 */
+	public MAuthorizationAccount(Properties ctx, int AD_AuthorizationAccount_ID, String trxName) {
+		super(ctx, AD_AuthorizationAccount_ID, trxName);
+	} // MAuthorizationAccount
+
+	/**
+	 * Create Authorization Account from current row in ResultSet
+	 *
+	 * @param ctx     context
+	 * @param rs      ResultSet
+	 * @param trxName transaction
+	 */
+	public MAuthorizationAccount(Properties ctx, ResultSet rs, String trxName) {
+		super(ctx, rs, trxName);
+	} // MAuthorizationAccount
+
+	/**
+	 * Try to find a refresh token from another account with same email in the same credential
+	 * @return
+	 */
+	public String findRefreshToken() {
+		final String where = "AD_AuthorizationCredential_ID=? "
+				+ "AND EMail=? "
+				+ "AND AD_AuthorizationAccount_ID!=? "
+				+ "AND IsAuthorized='Y' "
+				+ "AND AccessToken IS NOT NULL "
+				+ "AND RefreshToken IS NOT NULL";
+		MAuthorizationAccount other = new Query(Env.getCtx(), Table_Name, where, get_TrxName())
+				.setOnlyActiveRecords(true)
+				.setParameters(getAD_AuthorizationCredential_ID(), getEMail(), getAD_AuthorizationAccount_ID())
+				.first();
+		return other != null ? other.getRefreshToken() : null;
+	}
+
+	/**
+	 * Synchronize information on other accounts with same email in the same credential
+	 */
+	public void syncOthers() {
+		final String script = "UPDATE AD_AuthorizationAccount "
+				+ "SET AccessToken=?, AccessTokenTimestamp=?, ExpireInSeconds=? "
+				+ "WHERE AD_AuthorizationAccount_ID!=? "
+				+ "AND EMail=? "
+				+ "AND AD_AuthorizationCredential_ID=? "
+				+ "AND IsAuthorized='Y' "
+				+ "AND RefreshToken IS NOT NULL";
+		String accessToken = getAccessToken();
+		accessToken = SecureEngine.encrypt(accessToken, getAD_Client_ID());
+		DB.executeUpdateEx(script.toString(), new Object[] {
+				accessToken,
+				getAccessTokenTimestamp(),
+				getExpireInSeconds(),
+				getAD_AuthorizationAccount_ID(),
+				getEMail(),
+				getAD_AuthorizationCredential_ID()
+				},
+				get_TrxName());
+	}
+
+	/**
+	 * Refresh access token ( if has expire )
+	 * @throws GeneralSecurityException
+	 * @throws IOException
+	 */
+	public synchronized void refresh() throws GeneralSecurityException, IOException {
+		Timestamp ts = getAccessTokenTimestamp();
+		long seconds = getExpireInSeconds().longValue();
+		long expire = ts.getTime() + (seconds * 1000);
+		if (System.currentTimeMillis() >= expire) {
+			ts = new Timestamp(System.currentTimeMillis());
+			MAuthorizationCredential credential = new MAuthorizationCredential(getCtx(), getAD_AuthorizationCredential_ID(), get_TrxName());
+			MAuthorizationProvider provider = new MAuthorizationProvider(getCtx(), credential.getAD_AuthorizationProvider_ID(), get_TrxName());
+			GenericUrl url = new GenericUrl(provider.getTokenEndpoint());
+			RefreshTokenRequest request = new RefreshTokenRequest(new NetHttpTransport(),
+					GsonFactory.getDefaultInstance(),
+					url,
+					getRefreshToken());
+			String clientId = credential.getAuthorizationClientId();
+			String clientSecret = credential.getAuthorizationClientSecret();
+			request.setClientAuthentication(new ClientParametersAuthentication(clientId, clientSecret));
+			TokenResponse response = request.execute();
+			if (response.getRefreshToken() != null) {
+				// OAuth2 Spec -> The authorization server MAY issue a new refresh token, in which case
+				//   the client MUST discard the old refresh token and replace it with the
+				//   new refresh token
+				setRefreshToken(response.getRefreshToken());
+			}
+			setAccessToken(response.getAccessToken());
+			setAccessTokenTimestamp(ts);
+			setExpireInSeconds(new BigDecimal(response.getExpiresInSeconds()));
+			saveEx();
+		}
+	}
+
+	/**
+	 * Get a valid account from this email
+	 * @param email
+	 * @return
+	 */
+	public static MAuthorizationAccount getEMailAccount(String email) {
+		String where = "EMail=? AND AD_AuthorizationScope=? AND AD_Client_ID IN (0,?) AND IsAccessRevoked='N' AND IsAuthorized='Y'";
+		MAuthorizationAccount account = new Query(Env.getCtx(), Table_Name, where, null)
+				.setOnlyActiveRecords(true)
+				.setParameters(email, AD_AUTHORIZATIONSCOPE_EMail, Env.getAD_Client_ID(Env.getCtx()))
+				.setOrderBy("AD_Client_ID DESC, Updated DESC")
+				.first();
+		return account;
+	}
+
+	/**
+	 * Get an authorization token - refresh it if expired
+	 * @return AuthorizationToken
+	 * @throws GeneralSecurityException
+	 * @throws IOException
+	 */
+	public String refreshAndGetAccessToken() throws GeneralSecurityException, IOException {
+		refresh();
+		return getAccessToken();
+	}
+
+} // MAuthorizationAccount

org.adempiere.base/src/org/compiere/model/MAuthorizationCredential.java

@@ -0,0 +1,216 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Contributors:                                                       *
+ * - Carlos Ruiz (sponsored by FH)                                     *
+ **********************************************************************/
+package org.compiere.model;
+
+import java.math.BigDecimal;
+import java.sql.ResultSet;
+import java.sql.Timestamp;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+import org.adempiere.exceptions.AdempiereException;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.message.BasicNameValuePair;
+import org.compiere.util.Env;
+import org.compiere.util.Msg;
+
+import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
+import com.google.api.client.auth.oauth2.ClientParametersAuthentication;
+import com.google.api.client.auth.oauth2.TokenResponse;
+import com.google.api.client.auth.openidconnect.IdToken;
+import com.google.api.client.http.GenericUrl;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.http.HttpRequestFactory;
+import com.google.api.client.http.javanet.NetHttpTransport;
+import com.google.api.client.json.gson.GsonFactory;
+
+/**
+ * Authorization Credential
+ */
+public class MAuthorizationCredential extends X_AD_AuthorizationCredential {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -2433704480923324032L;
+
+	/**
+	 * Create empty Authorization Credential
+	 *
+	 * @param ctx              context
+	 * @param AD_AuthorizationCredential_ID ID
+	 * @param trxName          transaction
+	 */
+	public MAuthorizationCredential(Properties ctx, int AD_AuthorizationCredential_ID, String trxName) {
+		super(ctx, AD_AuthorizationCredential_ID, trxName);
+	} // MAuthorizationCredential
+
+	/**
+	 * Create Authorization Credential from current row in ResultSet
+	 *
+	 * @param ctx     context
+	 * @param rs      ResultSet
+	 * @param trxName transaction
+	 */
+	public MAuthorizationCredential(Properties ctx, ResultSet rs, String trxName) {
+		super(ctx, rs, trxName);
+	} // MAuthorizationCredential
+
+	/**
+	 * Create or Update an Account based on the token received
+	 * @param code
+	 * @param pinstance 
+	 * @return String message indicating success
+	 */
+	public String processToken(String code, MPInstance pinstance) {
+		String msg = null;
+		try {
+			String clientId = getAuthorizationClientId();
+			String clientSecret = getAuthorizationClientSecret();
+			Timestamp ts = new Timestamp(System.currentTimeMillis());
+			MAuthorizationProvider ap = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName());
+			AuthorizationCodeTokenRequest request = new AuthorizationCodeTokenRequest(new NetHttpTransport(),
+					GsonFactory.getDefaultInstance(),
+					new GenericUrl(ap.getTokenEndpoint()), code);
+			request.setRedirectUri(getAuthorizationRedirectURL());
+			request.setClientAuthentication(new ClientParametersAuthentication(clientId, clientSecret));
+			TokenResponse tokenResponse = request.execute();
+			Object id_token = tokenResponse.get("id_token");
+			String email = null;
+			if (id_token != null && id_token instanceof String) {
+				IdToken idtoken = IdToken.parse(tokenResponse.getFactory(), (String) tokenResponse.get("id_token"));
+				email = (String) idtoken.getPayload().get("email");
+			}
+			if (email == null) {
+				msg = Msg.parseTranslation(getCtx(), "@Error@ @OAuthProcessToken_CouldNotGetEMail@");
+				return msg;
+			}
+
+			boolean newAccount = false;
+			MAuthorizationAccount account = null;
+			Query query = new Query(Env.getCtx(), MAuthorizationAccount.Table_Name, "AD_Client_ID=? AND AD_User_ID=? AND EMail=? AND AD_AuthorizationCredential_ID=?", get_TrxName());
+			query.setParameters(Env.getAD_Client_ID(Env.getCtx()), Env.getAD_User_ID(Env.getCtx()), email, getAD_AuthorizationCredential_ID());
+			account = query.first();
+			if (account == null) {
+				account = new MAuthorizationAccount(Env.getCtx(), 0, get_TrxName());
+				account.setEMail(email);
+				account.setAD_AuthorizationCredential_ID(getAD_AuthorizationCredential_ID());
+				account.setAD_User_ID(Env.getAD_User_ID(Env.getCtx()));
+				newAccount = true;
+			}
+
+			account.setAccessToken(tokenResponse.getAccessToken());
+			account.setAccessTokenTimestamp(ts);
+			account.setExpireInSeconds(BigDecimal.valueOf(tokenResponse.getExpiresInSeconds()));
+			account.setAD_AuthorizationScope(MAuthorizationAccount.AD_AUTHORIZATIONSCOPE_EMail);
+			account.setIsAuthorized(true);
+			account.setIsActive(true);
+
+			if (tokenResponse.getRefreshToken() == null && account.getRefreshToken() == null) {
+				String refreshToken = account.findRefreshToken();
+				if (refreshToken != null) {
+					account.setRefreshToken(refreshToken);
+				}
+			}
+
+			if (tokenResponse.getRefreshToken() == null && account.getRefreshToken() == null) {
+				//revoke access and ask for retry
+				MAuthorizationProvider provider = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName());
+				String revokeEndPoint = provider.getRevokeEndpoint();
+				if (revokeEndPoint != null) {
+					HttpRequestFactory factory = new NetHttpTransport().createRequestFactory();
+					GenericUrl url = new GenericUrl(revokeEndPoint + "?token="+account.getAccessToken());
+					HttpRequest revokeRequest = factory.buildGetRequest(url);
+					revokeRequest.execute();
+				}
+				msg = Msg.parseTranslation(getCtx(), "@Error@ @OAuthProcessToken_NoRefreshToken@");
+				return msg;
+			}
+
+			if (tokenResponse.getRefreshToken() != null) {
+				account.setRefreshToken(tokenResponse.getRefreshToken());
+			}
+			account.saveEx();
+			if (pinstance != null) {
+				String logmsg = Msg.parseTranslation(getCtx(), (newAccount ? "@Created@" : "@Updated@") + " @AD_AuthorizationAccount_ID@ for ") + account.getEMail();
+				MPInstanceLog pilog = pinstance.addLog(null, 0, null, logmsg, MAuthorizationAccount.Table_ID, account.getAD_AuthorizationAccount_ID());
+				pilog.saveEx();
+			}
+			account.syncOthers();
+			if (newAccount)
+				msg = Msg.getMsg(getCtx(), "Authorization_Access_OK", new Object[] {account.getEMail()});
+			else
+				msg = Msg.getMsg(getCtx(), "Authorization_Access_Previous", new Object[] {account.getEMail()});
+		} catch (Exception ex) {
+			ex.printStackTrace();
+			msg = Msg.getMsg(getCtx(), "Error") + ex.getLocalizedMessage();
+			return msg;
+		}
+
+		return msg;
+	}
+
+	/**
+	 * Get a complete Authorization end point URL with all the parameters required
+	 * @param scope
+	 * @param state
+	 * @return
+	 */
+	public String getFullAuthorizationEndpoint(String scope, String state) {
+		String scopeUrl = findScopeUrl(scope);
+		if (scopeUrl == null)
+			throw new AdempiereException("Could not find scope " + scope + " for provider " + getAD_AuthorizationProvider_ID());
+		MAuthorizationProvider provider = new MAuthorizationProvider(getCtx(), getAD_AuthorizationProvider_ID(), get_TrxName());
+		String authEndPoint = provider.getAuthorizationEndpoint();
+		StringBuilder url = new StringBuilder(authEndPoint).append("?");
+		List<NameValuePair> nameValuePairs = new ArrayList<>();
+		nameValuePairs.add(new BasicNameValuePair("scope", scopeUrl));
+		nameValuePairs.add(new BasicNameValuePair("redirect_uri", getAuthorizationRedirectURL()));
+		nameValuePairs.add(new BasicNameValuePair("access_type", "offline")); // required by google
+		nameValuePairs.add(new BasicNameValuePair("response_type", "code"));
+		nameValuePairs.add(new BasicNameValuePair("client_id", getAuthorizationClientId()));
+		nameValuePairs.add(new BasicNameValuePair("state", state));
+		url.append(URLEncodedUtils.format(nameValuePairs, "UTF-8"));
+		return url.toString();
+	}
+
+	/**
+	 * Get the scope URL for the authorization provider
+	 * @param scope
+	 * @return
+	 */
+	private String findScopeUrl(String scope) {
+		String scopeUrl = null;
+		MAuthorizationScopeProv scpr = new Query(Env.getCtx(), MAuthorizationScopeProv.Table_Name, "AD_AuthorizationProvider_ID=? AND AD_AuthorizationScope=?", get_TrxName())
+				.setOnlyActiveRecords(true)
+				.setParameters(getAD_AuthorizationProvider_ID(), scope)
+				.first();
+		if (scpr != null)
+			scopeUrl = scpr.getScopeURL();
+		return scopeUrl;
+	}
+
+} // MAuthorizationCredential

org.adempiere.base/src/org/compiere/model/MAuthorizationProvider.java

@@ -0,0 +1,61 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Contributors:                                                       *
+ * - Carlos Ruiz (sponsored by FH)                                     *
+ **********************************************************************/
+package org.compiere.model;
+
+import java.sql.ResultSet;
+import java.util.Properties;
+
+/**
+ * Authorization Provider
+ */
+public class MAuthorizationProvider extends X_AD_AuthorizationProvider {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -5486619727437115587L;
+
+	/**
+	 * Create empty Authorization Provider
+	 *
+	 * @param ctx              context
+	 * @param AD_AuthorizationProvider_ID ID
+	 * @param trxName          transaction
+	 */
+	public MAuthorizationProvider(Properties ctx, int AD_AuthorizationProvider_ID, String trxName) {
+		super(ctx, AD_AuthorizationProvider_ID, trxName);
+	} // MAuthorizationProvider
+
+	/**
+	 * Create Authorization Provider from current row in ResultSet
+	 *
+	 * @param ctx     context
+	 * @param rs      ResultSet
+	 * @param trxName transaction
+	 */
+	public MAuthorizationProvider(Properties ctx, ResultSet rs, String trxName) {
+		super(ctx, rs, trxName);
+	} // MAuthorizationProvider
+
+} // MAuthorizationProvider

org.adempiere.base/src/org/compiere/model/MAuthorizationScopeProv.java

@@ -0,0 +1,61 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Contributors:                                                       *
+ * - Carlos Ruiz (sponsored by FH)                                     *
+ **********************************************************************/
+package org.compiere.model;
+
+import java.sql.ResultSet;
+import java.util.Properties;
+
+/**
+ * Authorization ScopeProvider
+ */
+public class MAuthorizationScopeProv extends X_AD_AuthorizationScopeProv {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -1862019802912162492L;
+
+	/**
+	 * Create empty Authorization ScopeProvider
+	 *
+	 * @param ctx              context
+	 * @param AD_AuthorizationScopeProv_ID ID
+	 * @param trxName          transaction
+	 */
+	public MAuthorizationScopeProv(Properties ctx, int AD_AuthorizationScopeProv_ID, String trxName) {
+		super(ctx, AD_AuthorizationScopeProv_ID, trxName);
+	} // MAuthorizationScopeProv
+
+	/**
+	 * Create Authorization ScopeProvider from current row in ResultSet
+	 *
+	 * @param ctx     context
+	 * @param rs      ResultSet
+	 * @param trxName transaction
+	 */
+	public MAuthorizationScopeProv(Properties ctx, ResultSet rs, String trxName) {
+		super(ctx, rs, trxName);
+	} // MAuthorizationScopeProv
+
+} // MAuthorizationScopeProv

org.adempiere.base/src/org/compiere/model/MClient.java

@@ -31,6 +31,7 @@ import java.util.logging.Level;
 
 import javax.mail.internet.InternetAddress;
 
+import org.adempiere.exceptions.AdempiereException;
 import org.compiere.util.CLogger;
 import org.compiere.util.DB;
 import org.compiere.util.EMail;
@@ -555,8 +556,7 @@ public class MClient extends X_AD_Client implements ImmutablePOSupport
 		}
 		catch (Exception ex)
 		{
-			log.severe(getName() + " - " + ex.getLocalizedMessage());
+			throw new AdempiereException(ex);
-			return ex.getLocalizedMessage();
 		}
 	}	//	testEMail
 

org.adempiere.base/src/org/compiere/model/SystemIDs.java

@@ -59,6 +59,7 @@ public class SystemIDs
 	public final static int FORM_ARCHIVEVIEWER = 118;
 	public final static int FORM_REPORT_WIZARD = 200002;
 	public final static int FORM_SETUP_WIZARD = 200000;
+	public final static int FORM_ADD_AUTHORIZATION = 200016;
 
 	public final static int MENU_NOTICE = 233;
 

org.adempiere.base/src/org/compiere/model/X_AD_AuthorizationAccount.java

@@ -0,0 +1,327 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+/** Generated Model - DO NOT CHANGE */
+package org.compiere.model;
+
+import java.math.BigDecimal;
+import java.sql.ResultSet;
+import java.sql.Timestamp;
+import java.util.Properties;
+import org.compiere.util.Env;
+
+/** Generated Model for AD_AuthorizationAccount
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2 - $Id$ */
+public class X_AD_AuthorizationAccount extends PO implements I_AD_AuthorizationAccount, I_Persistent 
+{
+
+	/**
+	 *
+	 */
+	private static final long serialVersionUID = 20210224L;
+
+    /** Standard Constructor */
+    public X_AD_AuthorizationAccount (Properties ctx, int AD_AuthorizationAccount_ID, String trxName)
+    {
+      super (ctx, AD_AuthorizationAccount_ID, trxName);
+      /** if (AD_AuthorizationAccount_ID == 0)
+        {
+			setAD_AuthorizationAccount_ID (0);
+			setIsAccessRevoked (false);
+// N
+			setIsAuthorized (false);
+// N
+        } */
+    }
+
+    /** Load Constructor */
+    public X_AD_AuthorizationAccount (Properties ctx, ResultSet rs, String trxName)
+    {
+      super (ctx, rs, trxName);
+    }
+
+    /** AccessLevel
+      * @return 6 - System - Client 
+      */
+    protected int get_AccessLevel()
+    {
+      return accessLevel.intValue();
+    }
+
+    /** Load Meta Data */
+    protected POInfo initPO (Properties ctx)
+    {
+      POInfo poi = POInfo.getPOInfo (ctx, Table_ID, get_TrxName());
+      return poi;
+    }
+
+    public String toString()
+    {
+      StringBuilder sb = new StringBuilder ("X_AD_AuthorizationAccount[")
+        .append(get_ID()).append("]");
+      return sb.toString();
+    }
+
+	/** Set Access Token.
+		@param AccessToken Access Token	  */
+	public void setAccessToken (String AccessToken)
+	{
+		set_Value (COLUMNNAME_AccessToken, AccessToken);
+	}
+
+	/** Get Access Token.
+		@return Access Token	  */
+	public String getAccessToken () 
+	{
+		return (String)get_Value(COLUMNNAME_AccessToken);
+	}
+
+	/** Set Access Token Timestamp.
+		@param AccessTokenTimestamp Access Token Timestamp	  */
+	public void setAccessTokenTimestamp (Timestamp AccessTokenTimestamp)
+	{
+		set_Value (COLUMNNAME_AccessTokenTimestamp, AccessTokenTimestamp);
+	}
+
+	/** Get Access Token Timestamp.
+		@return Access Token Timestamp	  */
+	public Timestamp getAccessTokenTimestamp () 
+	{
+		return (Timestamp)get_Value(COLUMNNAME_AccessTokenTimestamp);
+	}
+
+	/** Set Authorization Account.
+		@param AD_AuthorizationAccount_ID Authorization Account	  */
+	public void setAD_AuthorizationAccount_ID (int AD_AuthorizationAccount_ID)
+	{
+		if (AD_AuthorizationAccount_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationAccount_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationAccount_ID, Integer.valueOf(AD_AuthorizationAccount_ID));
+	}
+
+	/** Get Authorization Account.
+		@return Authorization Account	  */
+	public int getAD_AuthorizationAccount_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationAccount_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** Set AD_AuthorizationAccount_UU.
+		@param AD_AuthorizationAccount_UU AD_AuthorizationAccount_UU	  */
+	public void setAD_AuthorizationAccount_UU (String AD_AuthorizationAccount_UU)
+	{
+		set_Value (COLUMNNAME_AD_AuthorizationAccount_UU, AD_AuthorizationAccount_UU);
+	}
+
+	/** Get AD_AuthorizationAccount_UU.
+		@return AD_AuthorizationAccount_UU	  */
+	public String getAD_AuthorizationAccount_UU () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationAccount_UU);
+	}
+
+	public org.compiere.model.I_AD_AuthorizationCredential getAD_AuthorizationCredential() throws RuntimeException
+    {
+		return (org.compiere.model.I_AD_AuthorizationCredential)MTable.get(getCtx(), org.compiere.model.I_AD_AuthorizationCredential.Table_Name)
+			.getPO(getAD_AuthorizationCredential_ID(), get_TrxName());	}
+
+	/** Set Authorization Credential.
+		@param AD_AuthorizationCredential_ID Authorization Credential	  */
+	public void setAD_AuthorizationCredential_ID (int AD_AuthorizationCredential_ID)
+	{
+		if (AD_AuthorizationCredential_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationCredential_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationCredential_ID, Integer.valueOf(AD_AuthorizationCredential_ID));
+	}
+
+	/** Get Authorization Credential.
+		@return Authorization Credential	  */
+	public int getAD_AuthorizationCredential_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationCredential_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** AD_AuthorizationScope AD_Reference_ID=200185 */
+	public static final int AD_AUTHORIZATIONSCOPE_AD_Reference_ID=200185;
+	/** Calendar = Calendar */
+	public static final String AD_AUTHORIZATIONSCOPE_Calendar = "Calendar";
+	/** EMail = EMail */
+	public static final String AD_AUTHORIZATIONSCOPE_EMail = "EMail";
+	/** Document = Document */
+	public static final String AD_AUTHORIZATIONSCOPE_Document = "Document";
+	/** Profile = Profile */
+	public static final String AD_AUTHORIZATIONSCOPE_Profile = "Profile";
+	/** Storage = Storage */
+	public static final String AD_AUTHORIZATIONSCOPE_Storage = "Storage";
+	/** Set Authorization Scope.
+		@param AD_AuthorizationScope Authorization Scope	  */
+	public void setAD_AuthorizationScope (String AD_AuthorizationScope)
+	{
+
+		set_Value (COLUMNNAME_AD_AuthorizationScope, AD_AuthorizationScope);
+	}
+
+	/** Get Authorization Scope.
+		@return Authorization Scope	  */
+	public String getAD_AuthorizationScope () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationScope);
+	}
+
+	public org.compiere.model.I_AD_User getAD_User() throws RuntimeException
+    {
+		return (org.compiere.model.I_AD_User)MTable.get(getCtx(), org.compiere.model.I_AD_User.Table_Name)
+			.getPO(getAD_User_ID(), get_TrxName());	}
+
+	/** Set User/Contact.
+		@param AD_User_ID 
+		User within the system - Internal or Business Partner Contact
+	  */
+	public void setAD_User_ID (int AD_User_ID)
+	{
+		if (AD_User_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_User_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_User_ID, Integer.valueOf(AD_User_ID));
+	}
+
+	/** Get User/Contact.
+		@return User within the system - Internal or Business Partner Contact
+	  */
+	public int getAD_User_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_User_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** Set EMail Address.
+		@param EMail 
+		Electronic Mail Address
+	  */
+	public void setEMail (String EMail)
+	{
+		set_Value (COLUMNNAME_EMail, EMail);
+	}
+
+	/** Get EMail Address.
+		@return Electronic Mail Address
+	  */
+	public String getEMail () 
+	{
+		return (String)get_Value(COLUMNNAME_EMail);
+	}
+
+	/** Set Expire in Seconds.
+		@param ExpireInSeconds Expire in Seconds	  */
+	public void setExpireInSeconds (BigDecimal ExpireInSeconds)
+	{
+		set_Value (COLUMNNAME_ExpireInSeconds, ExpireInSeconds);
+	}
+
+	/** Get Expire in Seconds.
+		@return Expire in Seconds	  */
+	public BigDecimal getExpireInSeconds () 
+	{
+		BigDecimal bd = (BigDecimal)get_Value(COLUMNNAME_ExpireInSeconds);
+		if (bd == null)
+			 return Env.ZERO;
+		return bd;
+	}
+
+	/** Set Comment/Help.
+		@param Help 
+		Comment or Hint
+	  */
+	public void setHelp (String Help)
+	{
+		set_Value (COLUMNNAME_Help, Help);
+	}
+
+	/** Get Comment/Help.
+		@return Comment or Hint
+	  */
+	public String getHelp () 
+	{
+		return (String)get_Value(COLUMNNAME_Help);
+	}
+
+	/** Set Access Revoked.
+		@param IsAccessRevoked Access Revoked	  */
+	public void setIsAccessRevoked (boolean IsAccessRevoked)
+	{
+		set_Value (COLUMNNAME_IsAccessRevoked, Boolean.valueOf(IsAccessRevoked));
+	}
+
+	/** Get Access Revoked.
+		@return Access Revoked	  */
+	public boolean isAccessRevoked () 
+	{
+		Object oo = get_Value(COLUMNNAME_IsAccessRevoked);
+		if (oo != null) 
+		{
+			 if (oo instanceof Boolean) 
+				 return ((Boolean)oo).booleanValue(); 
+			return "Y".equals(oo);
+		}
+		return false;
+	}
+
+	/** Set Authorized.
+		@param IsAuthorized Authorized	  */
+	public void setIsAuthorized (boolean IsAuthorized)
+	{
+		set_Value (COLUMNNAME_IsAuthorized, Boolean.valueOf(IsAuthorized));
+	}
+
+	/** Get Authorized.
+		@return Authorized	  */
+	public boolean isAuthorized () 
+	{
+		Object oo = get_Value(COLUMNNAME_IsAuthorized);
+		if (oo != null) 
+		{
+			 if (oo instanceof Boolean) 
+				 return ((Boolean)oo).booleanValue(); 
+			return "Y".equals(oo);
+		}
+		return false;
+	}
+
+	/** Set Refresh Token.
+		@param RefreshToken Refresh Token	  */
+	public void setRefreshToken (String RefreshToken)
+	{
+		set_Value (COLUMNNAME_RefreshToken, RefreshToken);
+	}
+
+	/** Get Refresh Token.
+		@return Refresh Token	  */
+	public String getRefreshToken () 
+	{
+		return (String)get_Value(COLUMNNAME_RefreshToken);
+	}
+}

org.adempiere.base/src/org/compiere/model/X_AD_AuthorizationCredential.java

@@ -0,0 +1,244 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+/** Generated Model - DO NOT CHANGE */
+package org.compiere.model;
+
+import java.sql.ResultSet;
+import java.util.Properties;
+import org.compiere.util.KeyNamePair;
+
+/** Generated Model for AD_AuthorizationCredential
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2 - $Id$ */
+public class X_AD_AuthorizationCredential extends PO implements I_AD_AuthorizationCredential, I_Persistent 
+{
+
+	/**
+	 *
+	 */
+	private static final long serialVersionUID = 20210224L;
+
+    /** Standard Constructor */
+    public X_AD_AuthorizationCredential (Properties ctx, int AD_AuthorizationCredential_ID, String trxName)
+    {
+      super (ctx, AD_AuthorizationCredential_ID, trxName);
+      /** if (AD_AuthorizationCredential_ID == 0)
+        {
+			setAD_AuthorizationCredential_ID (0);
+			setAD_AuthorizationProvider_ID (0);
+			setName (null);
+        } */
+    }
+
+    /** Load Constructor */
+    public X_AD_AuthorizationCredential (Properties ctx, ResultSet rs, String trxName)
+    {
+      super (ctx, rs, trxName);
+    }
+
+    /** AccessLevel
+      * @return 6 - System - Client 
+      */
+    protected int get_AccessLevel()
+    {
+      return accessLevel.intValue();
+    }
+
+    /** Load Meta Data */
+    protected POInfo initPO (Properties ctx)
+    {
+      POInfo poi = POInfo.getPOInfo (ctx, Table_ID, get_TrxName());
+      return poi;
+    }
+
+    public String toString()
+    {
+      StringBuilder sb = new StringBuilder ("X_AD_AuthorizationCredential[")
+        .append(get_ID()).append(",Name=").append(getName()).append("]");
+      return sb.toString();
+    }
+
+	/** Set Authorization Credential.
+		@param AD_AuthorizationCredential_ID Authorization Credential	  */
+	public void setAD_AuthorizationCredential_ID (int AD_AuthorizationCredential_ID)
+	{
+		if (AD_AuthorizationCredential_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationCredential_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationCredential_ID, Integer.valueOf(AD_AuthorizationCredential_ID));
+	}
+
+	/** Get Authorization Credential.
+		@return Authorization Credential	  */
+	public int getAD_AuthorizationCredential_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationCredential_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** Set AD_AuthorizationCredential_UU.
+		@param AD_AuthorizationCredential_UU AD_AuthorizationCredential_UU	  */
+	public void setAD_AuthorizationCredential_UU (String AD_AuthorizationCredential_UU)
+	{
+		set_Value (COLUMNNAME_AD_AuthorizationCredential_UU, AD_AuthorizationCredential_UU);
+	}
+
+	/** Get AD_AuthorizationCredential_UU.
+		@return AD_AuthorizationCredential_UU	  */
+	public String getAD_AuthorizationCredential_UU () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationCredential_UU);
+	}
+
+	public org.compiere.model.I_AD_AuthorizationProvider getAD_AuthorizationProvider() throws RuntimeException
+    {
+		return (org.compiere.model.I_AD_AuthorizationProvider)MTable.get(getCtx(), org.compiere.model.I_AD_AuthorizationProvider.Table_Name)
+			.getPO(getAD_AuthorizationProvider_ID(), get_TrxName());	}
+
+	/** Set Authorization Provider.
+		@param AD_AuthorizationProvider_ID Authorization Provider	  */
+	public void setAD_AuthorizationProvider_ID (int AD_AuthorizationProvider_ID)
+	{
+		if (AD_AuthorizationProvider_ID < 1) 
+			set_Value (COLUMNNAME_AD_AuthorizationProvider_ID, null);
+		else 
+			set_Value (COLUMNNAME_AD_AuthorizationProvider_ID, Integer.valueOf(AD_AuthorizationProvider_ID));
+	}
+
+	/** Get Authorization Provider.
+		@return Authorization Provider	  */
+	public int getAD_AuthorizationProvider_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationProvider_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** AD_AuthorizationScopeList AD_Reference_ID=200185 */
+	public static final int AD_AUTHORIZATIONSCOPELIST_AD_Reference_ID=200185;
+	/** Calendar = Calendar */
+	public static final String AD_AUTHORIZATIONSCOPELIST_Calendar = "Calendar";
+	/** EMail = EMail */
+	public static final String AD_AUTHORIZATIONSCOPELIST_EMail = "EMail";
+	/** Document = Document */
+	public static final String AD_AUTHORIZATIONSCOPELIST_Document = "Document";
+	/** Profile = Profile */
+	public static final String AD_AUTHORIZATIONSCOPELIST_Profile = "Profile";
+	/** Storage = Storage */
+	public static final String AD_AUTHORIZATIONSCOPELIST_Storage = "Storage";
+	/** Set Scope List.
+		@param AD_AuthorizationScopeList Scope List	  */
+	public void setAD_AuthorizationScopeList (String AD_AuthorizationScopeList)
+	{
+
+		set_Value (COLUMNNAME_AD_AuthorizationScopeList, AD_AuthorizationScopeList);
+	}
+
+	/** Get Scope List.
+		@return Scope List	  */
+	public String getAD_AuthorizationScopeList () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationScopeList);
+	}
+
+	/** Set Authorization client-id.
+		@param AuthorizationClientId Authorization client-id	  */
+	public void setAuthorizationClientId (String AuthorizationClientId)
+	{
+		set_Value (COLUMNNAME_AuthorizationClientId, AuthorizationClientId);
+	}
+
+	/** Get Authorization client-id.
+		@return Authorization client-id	  */
+	public String getAuthorizationClientId () 
+	{
+		return (String)get_Value(COLUMNNAME_AuthorizationClientId);
+	}
+
+	/** Set Authorization client-secret.
+		@param AuthorizationClientSecret Authorization client-secret	  */
+	public void setAuthorizationClientSecret (String AuthorizationClientSecret)
+	{
+		set_Value (COLUMNNAME_AuthorizationClientSecret, AuthorizationClientSecret);
+	}
+
+	/** Get Authorization client-secret.
+		@return Authorization client-secret	  */
+	public String getAuthorizationClientSecret () 
+	{
+		return (String)get_Value(COLUMNNAME_AuthorizationClientSecret);
+	}
+
+	/** Set Authorization Redirect URL.
+		@param AuthorizationRedirectURL Authorization Redirect URL	  */
+	public void setAuthorizationRedirectURL (String AuthorizationRedirectURL)
+	{
+		set_Value (COLUMNNAME_AuthorizationRedirectURL, AuthorizationRedirectURL);
+	}
+
+	/** Get Authorization Redirect URL.
+		@return Authorization Redirect URL	  */
+	public String getAuthorizationRedirectURL () 
+	{
+		return (String)get_Value(COLUMNNAME_AuthorizationRedirectURL);
+	}
+
+	/** Set Comment/Help.
+		@param Help 
+		Comment or Hint
+	  */
+	public void setHelp (String Help)
+	{
+		set_Value (COLUMNNAME_Help, Help);
+	}
+
+	/** Get Comment/Help.
+		@return Comment or Hint
+	  */
+	public String getHelp () 
+	{
+		return (String)get_Value(COLUMNNAME_Help);
+	}
+
+	/** Set Name.
+		@param Name 
+		Alphanumeric identifier of the entity
+	  */
+	public void setName (String Name)
+	{
+		set_Value (COLUMNNAME_Name, Name);
+	}
+
+	/** Get Name.
+		@return Alphanumeric identifier of the entity
+	  */
+	public String getName () 
+	{
+		return (String)get_Value(COLUMNNAME_Name);
+	}
+
+    /** Get Record ID/ColumnName
+        @return ID/ColumnName pair
+      */
+    public KeyNamePair getKeyNamePair() 
+    {
+        return new KeyNamePair(get_ID(), getName());
+    }
+}

org.adempiere.base/src/org/compiere/model/X_AD_AuthorizationProvider.java

@@ -0,0 +1,230 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+/** Generated Model - DO NOT CHANGE */
+package org.compiere.model;
+
+import java.sql.ResultSet;
+import java.util.Properties;
+import org.compiere.util.KeyNamePair;
+
+/** Generated Model for AD_AuthorizationProvider
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2 - $Id$ */
+public class X_AD_AuthorizationProvider extends PO implements I_AD_AuthorizationProvider, I_Persistent 
+{
+
+	/**
+	 *
+	 */
+	private static final long serialVersionUID = 20210224L;
+
+    /** Standard Constructor */
+    public X_AD_AuthorizationProvider (Properties ctx, int AD_AuthorizationProvider_ID, String trxName)
+    {
+      super (ctx, AD_AuthorizationProvider_ID, trxName);
+      /** if (AD_AuthorizationProvider_ID == 0)
+        {
+			setAD_AuthorizationProvider_ID (0);
+			setAD_AuthorizationType (null);
+			setName (null);
+        } */
+    }
+
+    /** Load Constructor */
+    public X_AD_AuthorizationProvider (Properties ctx, ResultSet rs, String trxName)
+    {
+      super (ctx, rs, trxName);
+    }
+
+    /** AccessLevel
+      * @return 6 - System - Client 
+      */
+    protected int get_AccessLevel()
+    {
+      return accessLevel.intValue();
+    }
+
+    /** Load Meta Data */
+    protected POInfo initPO (Properties ctx)
+    {
+      POInfo poi = POInfo.getPOInfo (ctx, Table_ID, get_TrxName());
+      return poi;
+    }
+
+    public String toString()
+    {
+      StringBuilder sb = new StringBuilder ("X_AD_AuthorizationProvider[")
+        .append(get_ID()).append(",Name=").append(getName()).append("]");
+      return sb.toString();
+    }
+
+	/** Set Authorization Provider.
+		@param AD_AuthorizationProvider_ID Authorization Provider	  */
+	public void setAD_AuthorizationProvider_ID (int AD_AuthorizationProvider_ID)
+	{
+		if (AD_AuthorizationProvider_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationProvider_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationProvider_ID, Integer.valueOf(AD_AuthorizationProvider_ID));
+	}
+
+	/** Get Authorization Provider.
+		@return Authorization Provider	  */
+	public int getAD_AuthorizationProvider_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationProvider_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** Set AD_AuthorizationProvider_UU.
+		@param AD_AuthorizationProvider_UU AD_AuthorizationProvider_UU	  */
+	public void setAD_AuthorizationProvider_UU (String AD_AuthorizationProvider_UU)
+	{
+		set_Value (COLUMNNAME_AD_AuthorizationProvider_UU, AD_AuthorizationProvider_UU);
+	}
+
+	/** Get AD_AuthorizationProvider_UU.
+		@return AD_AuthorizationProvider_UU	  */
+	public String getAD_AuthorizationProvider_UU () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationProvider_UU);
+	}
+
+	/** AD_AuthorizationType AD_Reference_ID=200184 */
+	public static final int AD_AUTHORIZATIONTYPE_AD_Reference_ID=200184;
+	/** OAuth2 = OAuth2 */
+	public static final String AD_AUTHORIZATIONTYPE_OAuth2 = "OAuth2";
+	/** SAML (not implemented yet) = SAML */
+	public static final String AD_AUTHORIZATIONTYPE_SAMLNotImplementedYet = "SAML";
+	/** Set Authorization Type.
+		@param AD_AuthorizationType Authorization Type	  */
+	public void setAD_AuthorizationType (String AD_AuthorizationType)
+	{
+
+		set_Value (COLUMNNAME_AD_AuthorizationType, AD_AuthorizationType);
+	}
+
+	/** Get Authorization Type.
+		@return Authorization Type	  */
+	public String getAD_AuthorizationType () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationType);
+	}
+
+	/** Set Authorization Endpoint.
+		@param AuthorizationEndpoint Authorization Endpoint	  */
+	public void setAuthorizationEndpoint (String AuthorizationEndpoint)
+	{
+		set_Value (COLUMNNAME_AuthorizationEndpoint, AuthorizationEndpoint);
+	}
+
+	/** Get Authorization Endpoint.
+		@return Authorization Endpoint	  */
+	public String getAuthorizationEndpoint () 
+	{
+		return (String)get_Value(COLUMNNAME_AuthorizationEndpoint);
+	}
+
+	/** Set Description.
+		@param Description 
+		Optional short description of the record
+	  */
+	public void setDescription (String Description)
+	{
+		set_Value (COLUMNNAME_Description, Description);
+	}
+
+	/** Get Description.
+		@return Optional short description of the record
+	  */
+	public String getDescription () 
+	{
+		return (String)get_Value(COLUMNNAME_Description);
+	}
+
+	/** Set Comment/Help.
+		@param Help 
+		Comment or Hint
+	  */
+	public void setHelp (String Help)
+	{
+		set_Value (COLUMNNAME_Help, Help);
+	}
+
+	/** Get Comment/Help.
+		@return Comment or Hint
+	  */
+	public String getHelp () 
+	{
+		return (String)get_Value(COLUMNNAME_Help);
+	}
+
+	/** Set Name.
+		@param Name 
+		Alphanumeric identifier of the entity
+	  */
+	public void setName (String Name)
+	{
+		set_Value (COLUMNNAME_Name, Name);
+	}
+
+	/** Get Name.
+		@return Alphanumeric identifier of the entity
+	  */
+	public String getName () 
+	{
+		return (String)get_Value(COLUMNNAME_Name);
+	}
+
+    /** Get Record ID/ColumnName
+        @return ID/ColumnName pair
+      */
+    public KeyNamePair getKeyNamePair() 
+    {
+        return new KeyNamePair(get_ID(), getName());
+    }
+
+	/** Set Revoke Endpoint.
+		@param RevokeEndpoint Revoke Endpoint	  */
+	public void setRevokeEndpoint (String RevokeEndpoint)
+	{
+		set_Value (COLUMNNAME_RevokeEndpoint, RevokeEndpoint);
+	}
+
+	/** Get Revoke Endpoint.
+		@return Revoke Endpoint	  */
+	public String getRevokeEndpoint () 
+	{
+		return (String)get_Value(COLUMNNAME_RevokeEndpoint);
+	}
+
+	/** Set Token Endpoint.
+		@param TokenEndpoint Token Endpoint	  */
+	public void setTokenEndpoint (String TokenEndpoint)
+	{
+		set_Value (COLUMNNAME_TokenEndpoint, TokenEndpoint);
+	}
+
+	/** Get Token Endpoint.
+		@return Token Endpoint	  */
+	public String getTokenEndpoint () 
+	{
+		return (String)get_Value(COLUMNNAME_TokenEndpoint);
+	}
+}

org.adempiere.base/src/org/compiere/model/X_AD_AuthorizationScopeProv.java

@@ -0,0 +1,171 @@
+/******************************************************************************
+ * Product: iDempiere ERP & CRM Smart Business Solution                       *
+ * Copyright (C) 1999-2012 ComPiere, Inc. All Rights Reserved.                *
+ * This program is free software, you can redistribute it and/or modify it    *
+ * under the terms version 2 of the GNU General Public License as published   *
+ * by the Free Software Foundation. This program is distributed in the hope   *
+ * that it will be useful, but WITHOUT ANY WARRANTY, without even the implied *
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.           *
+ * See the GNU General Public License for more details.                       *
+ * You should have received a copy of the GNU General Public License along    *
+ * with this program, if not, write to the Free Software Foundation, Inc.,    *
+ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.                     *
+ * For the text or an alternative of this public license, you may reach us    *
+ * ComPiere, Inc., 2620 Augustine Dr. #245, Santa Clara, CA 95054, USA        *
+ * or via info@compiere.org or http://www.compiere.org/license.html           *
+ *****************************************************************************/
+/** Generated Model - DO NOT CHANGE */
+package org.compiere.model;
+
+import java.sql.ResultSet;
+import java.util.Properties;
+
+/** Generated Model for AD_AuthorizationScopeProv
+ *  @author iDempiere (generated) 
+ *  @version Release 8.2 - $Id$ */
+public class X_AD_AuthorizationScopeProv extends PO implements I_AD_AuthorizationScopeProv, I_Persistent 
+{
+
+	/**
+	 *
+	 */
+	private static final long serialVersionUID = 20210224L;
+
+    /** Standard Constructor */
+    public X_AD_AuthorizationScopeProv (Properties ctx, int AD_AuthorizationScopeProv_ID, String trxName)
+    {
+      super (ctx, AD_AuthorizationScopeProv_ID, trxName);
+      /** if (AD_AuthorizationScopeProv_ID == 0)
+        {
+			setAD_AuthorizationScopeProv_ID (0);
+        } */
+    }
+
+    /** Load Constructor */
+    public X_AD_AuthorizationScopeProv (Properties ctx, ResultSet rs, String trxName)
+    {
+      super (ctx, rs, trxName);
+    }
+
+    /** AccessLevel
+      * @return 6 - System - Client 
+      */
+    protected int get_AccessLevel()
+    {
+      return accessLevel.intValue();
+    }
+
+    /** Load Meta Data */
+    protected POInfo initPO (Properties ctx)
+    {
+      POInfo poi = POInfo.getPOInfo (ctx, Table_ID, get_TrxName());
+      return poi;
+    }
+
+    public String toString()
+    {
+      StringBuilder sb = new StringBuilder ("X_AD_AuthorizationScopeProv[")
+        .append(get_ID()).append("]");
+      return sb.toString();
+    }
+
+	public org.compiere.model.I_AD_AuthorizationProvider getAD_AuthorizationProvider() throws RuntimeException
+    {
+		return (org.compiere.model.I_AD_AuthorizationProvider)MTable.get(getCtx(), org.compiere.model.I_AD_AuthorizationProvider.Table_Name)
+			.getPO(getAD_AuthorizationProvider_ID(), get_TrxName());	}
+
+	/** Set Authorization Provider.
+		@param AD_AuthorizationProvider_ID Authorization Provider	  */
+	public void setAD_AuthorizationProvider_ID (int AD_AuthorizationProvider_ID)
+	{
+		if (AD_AuthorizationProvider_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationProvider_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationProvider_ID, Integer.valueOf(AD_AuthorizationProvider_ID));
+	}
+
+	/** Get Authorization Provider.
+		@return Authorization Provider	  */
+	public int getAD_AuthorizationProvider_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationProvider_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** AD_AuthorizationScope AD_Reference_ID=200185 */
+	public static final int AD_AUTHORIZATIONSCOPE_AD_Reference_ID=200185;
+	/** Calendar = Calendar */
+	public static final String AD_AUTHORIZATIONSCOPE_Calendar = "Calendar";
+	/** EMail = EMail */
+	public static final String AD_AUTHORIZATIONSCOPE_EMail = "EMail";
+	/** Document = Document */
+	public static final String AD_AUTHORIZATIONSCOPE_Document = "Document";
+	/** Profile = Profile */
+	public static final String AD_AUTHORIZATIONSCOPE_Profile = "Profile";
+	/** Storage = Storage */
+	public static final String AD_AUTHORIZATIONSCOPE_Storage = "Storage";
+	/** Set Authorization Scope.
+		@param AD_AuthorizationScope Authorization Scope	  */
+	public void setAD_AuthorizationScope (String AD_AuthorizationScope)
+	{
+
+		set_Value (COLUMNNAME_AD_AuthorizationScope, AD_AuthorizationScope);
+	}
+
+	/** Get Authorization Scope.
+		@return Authorization Scope	  */
+	public String getAD_AuthorizationScope () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationScope);
+	}
+
+	/** Set Authorization Scope Provider.
+		@param AD_AuthorizationScopeProv_ID Authorization Scope Provider	  */
+	public void setAD_AuthorizationScopeProv_ID (int AD_AuthorizationScopeProv_ID)
+	{
+		if (AD_AuthorizationScopeProv_ID < 1) 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationScopeProv_ID, null);
+		else 
+			set_ValueNoCheck (COLUMNNAME_AD_AuthorizationScopeProv_ID, Integer.valueOf(AD_AuthorizationScopeProv_ID));
+	}
+
+	/** Get Authorization Scope Provider.
+		@return Authorization Scope Provider	  */
+	public int getAD_AuthorizationScopeProv_ID () 
+	{
+		Integer ii = (Integer)get_Value(COLUMNNAME_AD_AuthorizationScopeProv_ID);
+		if (ii == null)
+			 return 0;
+		return ii.intValue();
+	}
+
+	/** Set AD_AuthorizationScopeProv_UU.
+		@param AD_AuthorizationScopeProv_UU AD_AuthorizationScopeProv_UU	  */
+	public void setAD_AuthorizationScopeProv_UU (String AD_AuthorizationScopeProv_UU)
+	{
+		set_Value (COLUMNNAME_AD_AuthorizationScopeProv_UU, AD_AuthorizationScopeProv_UU);
+	}
+
+	/** Get AD_AuthorizationScopeProv_UU.
+		@return AD_AuthorizationScopeProv_UU	  */
+	public String getAD_AuthorizationScopeProv_UU () 
+	{
+		return (String)get_Value(COLUMNNAME_AD_AuthorizationScopeProv_UU);
+	}
+
+	/** Set Scope URL.
+		@param ScopeURL Scope URL	  */
+	public void setScopeURL (String ScopeURL)
+	{
+		set_Value (COLUMNNAME_ScopeURL, ScopeURL);
+	}
+
+	/** Get Scope URL.
+		@return Scope URL	  */
+	public String getScopeURL () 
+	{
+		return (String)get_Value(COLUMNNAME_ScopeURL);
+	}
+}

org.adempiere.base/src/org/compiere/process/AddAuthorizationProcess.java

@@ -0,0 +1,92 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Sponsor:                                                            *
+ * - FH                                                                *
+ * Contributors:                                                       *
+ * - Carlos Ruiz                                                       *
+ **********************************************************************/
+package org.compiere.process;
+
+import java.util.logging.Level;
+
+import org.compiere.model.MAuthorizationCredential;
+import org.compiere.model.MPInstance;
+
+/**
+ *	IDEMPIERE-3101
+ * 	@author Carlos Ruiz - globalqss
+ */
+public class AddAuthorizationProcess extends SvrProcess {
+
+	/* Authorization Scope */
+	protected String p_AD_AuthorizationScope = null;
+	/* Authorization Credential */
+	protected int p_AD_AuthorizationCredential_ID = 0;
+	/* Open Browser */
+	protected Boolean p_Auth_OpenPopup = Boolean.FALSE;
+
+	/* Auth URL */
+	protected String f_authURL = null;
+
+	/**
+	 *  Prepare - e.g., get Parameters.
+	 */
+	@Override
+	protected void prepare() {
+		for (ProcessInfoParameter para : getParameter()) {
+			String name = para.getParameterName();
+			switch (name) {
+			case "AD_AuthorizationScope": p_AD_AuthorizationScope = para.getParameterAsString(); break;
+			case "AD_AuthorizationCredential_ID": p_AD_AuthorizationCredential_ID = para.getParameterAsInt(); break;
+			case "Auth_OpenPopup": p_Auth_OpenPopup = para.getParameterAsBoolean(); break;
+			case "AD_Language": break;  // ignored, is just to save it in AD_Process_Para
+			case "Auth_CallbackAnswer": break;  // ignored, is just to save it in AD_Process_Para
+			default:
+				if (log.isLoggable(Level.INFO))
+					log.log(Level.INFO, "Custom Parameter: " + name + "=" + para.getInfo());
+				break;
+			}
+		}
+	}
+
+	/**
+	 *  Perform process.
+	 *  @return Message
+	 *  @throws Exception
+	 */
+	protected String doIt() throws Exception {
+		if (log.isLoggable(Level.INFO))
+			log.info("AD_AuthorizationScope" + p_AD_AuthorizationScope
+					+ ", AD_AuthorizationCredential_ID=" + p_AD_AuthorizationCredential_ID
+					+ ", Auth_OpenBrowser=" + p_Auth_OpenPopup);
+		MPInstance pinstance = new MPInstance(getCtx(), getAD_PInstance_ID(), get_TrxName());
+		MAuthorizationCredential credential = new MAuthorizationCredential(getCtx(), p_AD_AuthorizationCredential_ID, get_TrxName());
+		f_authURL = credential.getFullAuthorizationEndpoint(p_AD_AuthorizationScope, pinstance.getAD_PInstance_UU());
+		if (! p_Auth_OpenPopup || processUI == null) {
+			addLog(f_authURL);
+			return "@Add_Auth_Copy_Link@";
+		}
+
+		return "@Add_Auth_In_Popup@";
+	}
+
+}	//	AddAuthorizationProcess

org.adempiere.base/src/org/compiere/util/EMail.java

@@ -46,8 +46,10 @@ import javax.mail.internet.MimeBodyPart;
 import javax.mail.internet.MimeMessage;
 import javax.mail.internet.MimeMultipart;
 
+import org.compiere.model.MAuthorizationAccount;
 import org.compiere.model.MClient;
 import org.compiere.model.MSysConfig;
+
 import com.sun.mail.smtp.SMTPMessage;
 
 /**
@@ -263,6 +265,14 @@ public final class EMail implements Serializable
 		if (CLogMgt.isLevelFinest())
 			props.put("mail.debug", "true");
 		//
+
+		MAuthorizationAccount authAccount = null;
+		boolean isOAuth2 = false;
+		if (m_auth != null) {
+			authAccount = MAuthorizationAccount.getEMailAccount(m_auth.getPasswordAuthentication().getUserName());
+			isOAuth2 = (authAccount != null);
+		}
+
 		Session session = null;
 		try
 		{
@@ -280,8 +290,15 @@ public final class EMail implements Serializable
 			{
 				props.put("mail.smtp.starttls.enable", "true");
 			}
-
+			if (isOAuth2) {
-			session = Session.getInstance(props, m_auth);
+				props.put("mail.smtp.auth.mechanisms", "XOAUTH2");
+			    props.put("mail.smtp.starttls.required", "true");
+			    props.put("mail.smtp.auth.login.disable","true");
+			    props.put("mail.smtp.auth.plain.disable","true");
+			    props.put("mail.debug.auth", "true");
+				m_auth = new EMailAuthenticator (m_auth.getPasswordAuthentication().getUserName(), authAccount.refreshAndGetAccessToken());
+			}
+			session = Session.getInstance(props);
 			session.setDebug(CLogMgt.isLevelFinest());
 		}
 		catch (SecurityException se)
@@ -300,7 +317,6 @@ public final class EMail implements Serializable
 		Transport t = null;
 		try
 		{
-		//	m_msg = new MimeMessage(session);
 			m_msg = new SMTPMessage(session);
 			//	Addresses
 			m_msg.setFrom(m_from);
@@ -353,14 +369,8 @@ public final class EMail implements Serializable
 			m_msg.setHeader("Comments", "iDempiereMail");
 			if (m_acknowledgementReceipt)
 				m_msg.setHeader("Disposition-Notification-To", m_from.getAddress());
-		//	m_msg.setDescription("Description");
-			//	SMTP specifics
-			//m_msg.setAllow8bitMIME(true);
-			//	Send notification on Failure & Success - no way to set envid in Java yet
-		//	m_msg.setNotifyOptions (SMTPMessage.NOTIFY_FAILURE | SMTPMessage.NOTIFY_SUCCESS);
 			//	Bounce only header
 			m_msg.setReturnOption (SMTPMessage.RETURN_HDRS);
-		//	m_msg.setHeader("X-Mailer", "msgsend");
 			if (additionalHeaders.size() > 0) {
 				for (ValueNamePair vnp : additionalHeaders) {
 					m_msg.setHeader(vnp.getName(), vnp.getValue());
@@ -369,26 +379,24 @@ public final class EMail implements Serializable
 			//
 			setContent();
 			m_msg.saveChanges();
-		//	log.fine("message =" + m_msg);
-			//
-		//	Transport.send(msg);
 			t = session.getTransport("smtp");
-		//	log.fine("transport=" + t);
+			if (m_auth != null) {
+				t.connect(m_smtpHost, m_smtpPort, m_auth.getPasswordAuthentication().getUserName(), m_auth.getPasswordAuthentication().getPassword());
+			} else {
 				t.connect();
-		//	t.connect(m_smtpHost, user, password);
+			}
-		//	log.fine("transport connected");
 			ClassLoader tcl = Thread.currentThread().getContextClassLoader();
 			try {
 				Thread.currentThread().setContextClassLoader(javax.mail.Session.class.getClassLoader());
-				Transport.send(m_msg);
+				t.sendMessage(m_msg, m_msg.getAllRecipients());
 			} finally {
 				Thread.currentThread().setContextClassLoader(tcl);
 			}
-		//	t.sendMessage(msg, msg.getAllRecipients());
 			if (log.isLoggable(Level.FINE)) log.fine("Success - MessageID=" + m_msg.getMessageID());
 		}
 		catch (MessagingException me)
 		{
+			me.printStackTrace();
 			Exception ex = me;
 			StringBuilder sb = new StringBuilder("(ME)");
 			boolean printed = false;

org.adempiere.base/src/org/compiere/util/EMailAuthenticator.java

@@ -71,9 +71,6 @@ public class EMailAuthenticator extends Authenticator
 	{
 		if (m_pass == null)
 			return "EMailAuthenticator[]";
-		if (CLogMgt.isLevelFinest())
-			return "EMailAuthenticator[" 
-				+ m_pass.getUserName() + "/" + m_pass.getPassword() + "]";
 		return "EMailAuthenticator[" 
 			+ m_pass.getUserName() + "/************]";
 	}	//	toString

org.adempiere.base/src/org/compiere/util/EmailSrv.java

@@ -54,6 +54,7 @@ import javax.mail.internet.ContentType;
 import javax.mail.internet.MimeUtility;
 
 import org.adempiere.exceptions.AdempiereException;
+import org.compiere.model.MAuthorizationAccount;
 
 /**
  * provide function for sent, receive email in imap protocol
@@ -164,11 +165,17 @@ public class EmailSrv {
 		}
 		props.put("mail.store.protocol", protocol);
 		props.put("mail.host", imapHost);
-		props.put("mail.imap.port", imapPort);
+		props.put("mail."+protocol+".port", imapPort);
 
-		EMailAuthenticator auth = new EMailAuthenticator(imapUser, imapPass);
+		MAuthorizationAccount authAccount = MAuthorizationAccount.getEMailAccount(imapUser);
-		mailSession = Session.getInstance(props, auth);
+		boolean isOAuth2 = (authAccount != null);
-		mailSession.setDebug(CLogMgt.isLevelAll());
+		if (isOAuth2) {
+			props.put("mail."+protocol+".ssl.enable", "true");
+			props.put("mail."+protocol+".auth.mechanisms", "XOAUTH2");
+			imapPass = authAccount.refreshAndGetAccessToken();
+		}
+		mailSession = Session.getInstance(props);
+		mailSession.setDebug(CLogMgt.isLevelFinest());
 		
 		return mailSession;
 	}	//	getSession
@@ -179,7 +186,7 @@ public class EmailSrv {
 			return mailStore;
 		
 		mailStore = getMailSession().getStore();
-		mailStore.connect();
+		mailStore.connect(imapHost, imapUser, imapPass);
 		return mailStore;
 	}	//	getStore
 	

org.adempiere.install/install.app.launch

@@ -29,6 +29,8 @@
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcpkix@default:default"/>
         <setEntry value="bcprov@default:default"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.install/install.console.app.launch

@@ -29,6 +29,8 @@
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcpkix@default:default"/>
         <setEntry value="bcprov@default:default"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.install/install.silent.app.launch

@@ -29,6 +29,8 @@
     <setAttribute key="selected_target_bundles">
         <setEntry value="bcpkix@default:default"/>
         <setEntry value="bcprov@default:default"/>
+        <setEntry value="com.google.gson@default:default"/>
+        <setEntry value="com.google.guava@default:default"/>
         <setEntry value="com.google.zxing.core@default:default"/>
         <setEntry value="com.itextpdf@default:default"/>
         <setEntry value="com.jaspersoft.studio.bundles.barbecue@default:default"/>

org.adempiere.server/WEB-INF/web.xml

@@ -43,6 +43,14 @@
       		<param-value>false</param-value>
     	</init-param>
   	</servlet>
+	<servlet>
+		<servlet-name>OAuthCodeCallbackHandlerServlet</servlet-name>
+		<servlet-class>org.idempiere.web.OAuthCodeCallbackHandlerServlet</servlet-class>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>OAuthCodeCallbackHandlerServlet</servlet-name>
+		<url-pattern>/oauth2/callback</url-pattern>
+	</servlet-mapping>
 	<!-- <servlet-mapping>
 		<servlet-name>StatusInfo</servlet-name>
 		<url-pattern>/statusInfo</url-pattern>

org.adempiere.server/oauth2/callback.jsp

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>OAuth2 Callback Process</title>
+</head>
+<body>
+	<script type="text/javascript">
+        const queryString = window.location.search;
+        const urlParams = new URLSearchParams(queryString);
+        const msg = urlParams.get('msg');
+        const error = urlParams.get('error');
+        const errmsg = urlParams.get('errmsg');
+        const closemsg = urlParams.get('closemsg');
+        if (error != null) {
+            document.write("<h3>" + errmsg + "<br></h3><h4><p style=\"color:red\">" + error + "</p></h4>");
+        } else {
+            document.write("<h3>" + msg + "</h3>");
+        }
+        document.write("<br>" + closemsg);
+    </script>
+</body>
+</html>

org.adempiere.server/src/main/servlet/org/idempiere/web/OAuthCodeCallbackHandlerServlet.java

@@ -0,0 +1,158 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Sponsor:                                                            *
+ * - FH                                                                *
+ * Contributors:                                                       *
+ * - Carlos Ruiz                                                       *
+ **********************************************************************/
+
+package org.idempiere.web;
+
+import java.io.IOException;
+import java.net.URLEncoder;
+import java.util.Properties;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.adempiere.util.ServerContext;
+import org.compiere.model.MAuthorizationCredential;
+import org.compiere.model.MPInstance;
+import org.compiere.model.MPInstancePara;
+import org.compiere.model.MTable;
+import org.compiere.model.PO;
+import org.compiere.util.Env;
+import org.compiere.util.Msg;
+
+public class OAuthCodeCallbackHandlerServlet extends HttpServlet {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 8071951954959980796L;
+
+	/** The name of the Oauth code URL parameter */
+	public static final String CODE_URL_PARAM_NAME = "code";
+
+	/** The name of the OAuth error URL parameter */
+	public static final String ERROR_URL_PARAM_NAME = "error";
+
+	/** The name of the Oauth state URL parameter */
+	public static final String STATE_URL_PARAM_NAME = "state";
+
+	public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+
+		String errmsg = null;
+		String msg = "";
+
+		// Getting the "error" URL parameter
+		String[] error = req.getParameterValues(ERROR_URL_PARAM_NAME);
+		// Checking if there was an error such as the user denied access
+		if (error != null && error.length > 0) {
+			errmsg = error[0];
+		}
+
+		String[] code = null;
+		if (errmsg == null) {
+			// Getting the "code" URL parameter
+			code = req.getParameterValues(CODE_URL_PARAM_NAME);
+			// Checking conditions on the "code" URL parameter
+			if (code == null || code.length == 0) {
+				errmsg = Msg.getMsg(Env.getCtx(), "OAuthCallback_MissingParameter", new Object[] {CODE_URL_PARAM_NAME});
+			}
+		}
+
+		String[] state = null;
+		if (errmsg == null) {
+			// Getting the "state" URL parameter
+			state = req.getParameterValues(STATE_URL_PARAM_NAME);
+			// Checking conditions on the "state" URL parameter
+			if (state == null || state.length == 0) {
+				errmsg = Msg.getMsg(Env.getCtx(), "OAuthCallback_MissingParameter", new Object[] {STATE_URL_PARAM_NAME});
+			}
+		}
+
+		String msgClose = "";
+		try {
+			Properties localctx = new Properties();
+			ServerContext.setCurrentInstance(localctx);
+			MPInstance pinstance = null;
+			if (errmsg == null) {
+				MTable pinstanceTable = MTable.get(MPInstance.Table_ID);
+				String uuidcol = PO.getUUIDColumnName(MPInstance.Table_Name);
+				pinstance = (MPInstance) pinstanceTable.getPO(uuidcol+"=?", new Object[] {state[0]}, null);
+				if (pinstance == null) {
+					errmsg = Msg.getMsg(Env.getCtx(), "OAuthCallback_InvalidState");
+				}
+			}
+
+			Env.getCtx().setProperty(Env.AD_CLIENT_ID, String.valueOf(pinstance.getAD_Client_ID())); // To avoid Context Lost exception
+			Env.getCtx().setProperty(Env.AD_USER_ID, String.valueOf(pinstance.getCreatedBy())); // To set as CreatedBy of the account
+			MAuthorizationCredential credential = null;
+			MPInstancePara paramAnswer = null;
+			if (errmsg == null) {
+				for (MPInstancePara param : pinstance.getParameters()) {
+					if (MAuthorizationCredential.COLUMNNAME_AD_AuthorizationCredential_ID.equals(param.getParameterName()))
+						credential = new MAuthorizationCredential(Env.getCtx(), param.getP_Number().intValue(), null);
+					else if ("AD_Language".equals(param.getParameterName()))
+						Env.getCtx().setProperty("#AD_Language", param.getP_String());
+					else if ("Auth_CallbackAnswer".equals(param.getParameterName()))
+						paramAnswer = param;
+				}
+				if (credential == null || credential.get_ID() <= 0) {
+					errmsg = Msg.getMsg(Env.getCtx(), "OAuthCallback_NotFoundState");
+				}
+				if (paramAnswer == null) {
+					paramAnswer = pinstance.createParameter(50, "Auth_CallbackAnswer", null);
+				} else {
+					if (paramAnswer.getP_String() != null) {
+						errmsg = Msg.getMsg(Env.getCtx(), "OAuthCallback_AlreadyUsedLink");
+					}
+				}
+			}
+
+			if (errmsg == null) {
+				msg = credential.processToken(code[0], pinstance);
+				paramAnswer.setP_String(msg);
+				paramAnswer.saveEx();
+			}
+
+			msgClose = URLEncoder.encode(Msg.getMsg(Env.getCtx(), "OAuthPopup_Close"), "UTF-8");
+		} finally {
+			ServerContext.dispose();
+		}
+
+		String url = null;
+		msg = URLEncoder.encode(msg, "UTF-8");
+		if (errmsg == null) {
+			url = resp.encodeRedirectURL("callback.jsp?msg=" + msg + "&closemsg=" + msgClose);
+		} else {
+			String msgError = URLEncoder.encode(Msg.getMsg(Env.getCtx(), "Error"), "UTF-8");
+			errmsg = URLEncoder.encode(errmsg, "UTF-8");
+			url = resp.encodeRedirectURL("callback.jsp?error=" + errmsg + "&errmsg=" + msgError + "&closemsg=" + msgClose);
+		}
+
+		resp.sendRedirect(url);
+
+	}
+
+}

org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/apps/form/AddAuthorizationForm.java

@@ -0,0 +1,283 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Sponsor:                                                            *
+ * - FH                                                                *
+ * Contributors:                                                       *
+ * - Carlos Ruiz                                                       *
+ **********************************************************************/
+package org.adempiere.webui.apps.form;
+
+import org.adempiere.webui.component.Column;
+import org.adempiere.webui.component.Columns;
+import org.adempiere.webui.component.ConfirmPanel;
+import org.adempiere.webui.component.GridFactory;
+import org.adempiere.webui.component.Label;
+import org.adempiere.webui.component.Row;
+import org.adempiere.webui.component.Rows;
+import org.adempiere.webui.component.Textbox;
+import org.adempiere.webui.panel.ADForm;
+import org.compiere.model.MAuthorizationAccount;
+import org.compiere.model.MPInstancePara;
+import org.compiere.model.Query;
+import org.compiere.model.X_AD_PInstance_Log;
+import org.compiere.util.Env;
+import org.compiere.util.Msg;
+import org.zkoss.zk.ui.event.Event;
+import org.zkoss.zk.ui.event.Events;
+import org.zkoss.zk.ui.util.Clients;
+import org.zkoss.zul.Grid;
+import org.zkoss.zul.Separator;
+import org.zkoss.zul.Space;
+import org.zkoss.zul.Timer;
+
+/**
+ *	IDEMPIERE-3101
+ * 	@author Carlos Ruiz - globalqss
+ */
+public class AddAuthorizationForm extends ADForm {
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -293618692686586645L;
+
+	/* A label to show the title of the form */
+	private Label labelTitle;
+
+	/* A label to show the messages to user */
+	private Label msgLabel;
+
+	/* A box to receive the message from the popup window */
+	private Textbox msgBox;
+
+	/* The confirm panel to close the window */
+	private ConfirmPanel confirmPanel;
+
+	/* Timer to monitor the popup */
+	private Timer timer;
+
+	/* The process instance opening this form */
+	private int pInstanceId;
+
+
+	/**
+	 *
+	 */
+	public AddAuthorizationForm() {
+	}
+
+	/* (non-Javadoc)
+	 * @see org.adempiere.webui.panel.ADForm#initForm()
+	 */
+	@Override
+	protected void initForm() {
+		setClosable(true);
+		setSizable(true);
+
+		Grid grid = GridFactory.newGridLayout();
+		grid.setHeight("100%");
+		grid.setWidth("100%");
+		appendChild(grid);
+		Columns columns = new Columns();
+		grid.appendChild(columns);
+		Column column = new Column();
+		column.setWidth("5%");
+		columns.appendChild(column);
+		column = new Column();
+		column.setWidth("30%");
+		columns.appendChild(column);
+		column = new Column();
+		column.setWidth("60%");
+		columns.appendChild(column);
+		column = new Column();
+		column.setWidth("10%");
+		columns.appendChild(column);
+
+		Rows rows = new Rows();
+		grid.appendChild(rows);
+		Row row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+		row = rows.newRow();
+		labelTitle = new Label(Msg.getMsg(Env.getCtx(), "Authorization_Grant_Access"));
+		labelTitle.setStyle("font-weight: 600");
+		row.appendCellChild(labelTitle, 4);
+		row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+
+		msgLabel = new Label(Msg.getMsg(Env.getCtx(), "Authorization_Message"));
+		msgLabel.setMultiline(true);
+
+		row = rows.newRow();
+		row.appendCellChild(msgLabel, 4);
+		row.getLastCell().setRowspan(7);
+		msgLabel.setHflex("1");
+		msgLabel.setHeight("150px");
+
+		msgBox = new Textbox();
+		msgBox.addEventListener(Events.ON_CHANGE, evt -> onMsgBoxChanged());
+		msgBox.setVisible(false);
+
+		row = rows.newRow();
+		row.appendCellChild(msgBox);
+
+		row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+		row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+		row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+		row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+		row = rows.newRow();
+		row.appendCellChild(new Separator(), 4);
+
+		row = rows.newRow();
+		confirmPanel = new ConfirmPanel(true);
+		row.appendCellChild(new Space());
+		row.appendCellChild(confirmPanel, 3);
+		confirmPanel.addActionListener(Events.ON_CLICK, evt -> onConfirmPanelAction(evt));
+
+		timer = new Timer();
+		timer.setRepeats(true);
+		timer.setDelay(100);
+		timer.setRunning(false);
+		appendChild(timer);
+
+		setHeight("300px");
+		setWidth("350px");
+		setVflex("min");
+
+	}
+
+	/**
+	 * Set Window Mode Highlighted
+	 */
+	@Override
+	public Mode getWindowMode() {
+		return Mode.HIGHLIGHTED;
+	}
+
+	/**
+	 * React when the message box is filled
+	 */
+	private void onMsgBoxChanged()  {
+		Clients.clearBusy();
+
+		/* Obtain info from the process instance saved on the callback servlet */
+		final String wherepip = "AD_PInstance_ID=? AND ParameterName=?";
+		MPInstancePara pip = new Query(Env.getCtx(), MPInstancePara.Table_Name, wherepip, null)
+				.setParameters(pInstanceId, "Auth_CallbackAnswer")
+				.first();
+		final String wherepil = "AD_PInstance_ID=? AND AD_Table_ID=?";
+		X_AD_PInstance_Log pil = new Query(Env.getCtx(), X_AD_PInstance_Log.Table_Name, wherepil, null)
+				.setParameters(pInstanceId, MAuthorizationAccount.Table_ID)
+				.first();
+
+		StringBuilder msg = new StringBuilder();
+		if (   (pip != null && pip.getP_String() != null)
+			|| (pil != null && pil.getP_Msg() != null)) {
+			// the callback ran and wrote info, the message can be because the user closed the window, ignore it
+		} else {
+			if (msgBox.getText().startsWith("! "))
+				msg.append(msgBox.getText().substring(2));
+			else
+				msg.append(msgBox.getText());
+		}
+		if (pip != null && pip.getP_String() != null)
+			msg.append("\n\n").append(pip.getP_String());
+		if (pil != null && pil.getP_Msg() != null)
+			msg.append("\n\n").append(pil.getP_Msg());
+		msgLabel.setText(msg.toString());
+
+		labelTitle.setVisible(false);
+		confirmPanel.getButton(ConfirmPanel.A_OK).setEnabled(false);
+		confirmPanel.getButton(ConfirmPanel.A_OK).setVisible(false);
+	}
+
+	/**
+	 * Confirm panel to process OK/Cancel buttons
+	 * @param evt
+	 */
+	private void onConfirmPanelAction(Event evt) {
+		if (evt.getTarget() == confirmPanel.getButton(ConfirmPanel.A_CANCEL)) {
+			this.detach();
+		} else if (evt.getTarget() == confirmPanel.getButton(ConfirmPanel.A_OK)) {
+			confirmPanel.getButton(ConfirmPanel.A_OK).setEnabled(false);
+			Clients.showBusy(null);
+		}
+	}
+
+	/**
+	 * Build popup and listener script
+	 * @param authURL
+	 * @param pInstanceId 
+	 */
+	public void buildClientPopupAndListener(String authURL, int pInstanceId) {
+		this.pInstanceId = pInstanceId;
+		
+		StringBuilder authScript = new StringBuilder()
+				.append("var x = window.outerWidth / 2 + window.screenX - (800 / 2);\n")
+				.append("var y = window.outerHeight / 2 + window.screenY - (600 / 2);\n")
+				.append("var authWindow = window.open('").append(authURL).append("','_blank','width=800, height=600, top='+y+', left='+x);\n")
+				.append("var timer = zk.Widget.$('#").append(timer.getUuid()).append("');\n")
+				.append("timer.windowRef = authWindow; timer.play();");
+		// Note: the listener can be set to onBind instead of onClick to open the popup without user intervention,
+		//       but in this case the browser popup restrictions apply.
+		//       As most browser block popups by default I prefer to go the safest route using onClick
+		confirmPanel.getButton(ConfirmPanel.A_OK).setWidgetListener("onClick", authScript.toString());
+
+		String msgError = Msg.getMsg(Env.getCtx(), "Error");
+		String msgFailure = Msg.getMsg(Env.getCtx(), "OAuthPopup_Failure");
+		StringBuilder timerScript = new StringBuilder()
+				.append("function sleep (time) {return new Promise((resolve) => setTimeout(resolve, time));}\n")
+				.append("try {\n")
+				.append("  var t = zk.Widget.$('#").append(msgBox.getUuid()).append("');\n")
+				.append("  var authWindow = this.windowRef;\n")
+				.append("  if (authWindow && authWindow.closed) {\n")
+				.append("    t.setValue('! ").append(msgError).append(msgFailure).append("'); t.fireOnChange(); \n") // prefix "! " - see onMsgBoxChanged
+				.append("    this.stop();\n")
+				.append("    return;\n")
+				.append("  }\n")
+				.append("  if (authWindow && authWindow.location) {\n")
+				.append("    if (authWindow.location.href.indexOf('/callback.jsp') >= 0) {\n")
+				.append("      this.stop();\n")
+				.append("      var url = new URL(authWindow.location.href);\n")
+				.append("      var error = url.searchParams.get('error');\n")
+				.append("      var msg = url.searchParams.get('msg');\n")
+				.append("      if (error) {\n" )
+				.append("        var msg = '").append(msgError).append("'+error;\n")
+				.append("        t.setValue(msg, false); t.fireOnChange();\n")
+				.append("      } else if (msg) {\n")
+				.append("        t.setValue(msg, false); t.fireOnChange();\n")
+				.append("      }\n")
+				.append("      sleep(1500).then(() => {\n")
+				.append("        authWindow.close();\n")
+				.append("      });\n")
+				.append("    }\n")
+				.append("  } else {\n")
+				.append("    t.setValue('! ").append(msgError).append(msgFailure).append("'); t.fireOnChange(); \n") // prefix "! " - see onMsgBoxChanged
+				.append("    this.stop();\n")
+				.append("  }\n")
+				.append("} catch(err){}\n");
+		timer.setWidgetListener("onTimer", timerScript.toString());
+	}
+
+}

org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/process/AddAuthorizationProcess.java

@@ -0,0 +1,69 @@
+/***********************************************************************
+ * This file is part of iDempiere ERP Open Source                      *
+ * http://www.idempiere.org                                            *
+ *                                                                     *
+ * Copyright (C) Contributors                                          *
+ *                                                                     *
+ * This program is free software; you can redistribute it and/or       *
+ * modify it under the terms of the GNU General Public License         *
+ * as published by the Free Software Foundation; either version 2      *
+ * of the License, or (at your option) any later version.              *
+ *                                                                     *
+ * This program is distributed in the hope that it will be useful,     *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of      *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the        *
+ * GNU General Public License for more details.                        *
+ *                                                                     *
+ * You should have received a copy of the GNU General Public License   *
+ * along with this program; if not, write to the Free Software         *
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,          *
+ * MA 02110-1301, USA.                                                 *
+ *                                                                     *
+ * Sponsor:                                                            *
+ * - FH                                                                *
+ * Contributors:                                                       *
+ * - Carlos Ruiz                                                       *
+ **********************************************************************/
+package org.adempiere.webui.process;
+
+import org.adempiere.webui.apps.AEnv;
+import org.adempiere.webui.apps.form.AddAuthorizationForm;
+import org.adempiere.webui.panel.ADForm;
+import org.adempiere.webui.session.SessionManager;
+import org.adempiere.webui.util.IServerPushCallback;
+import org.adempiere.webui.util.ServerPushTemplate;
+import org.compiere.model.SystemIDs;
+import org.zkoss.zk.ui.Desktop;
+
+/**
+ *	IDEMPIERE-3101
+ * 	@author Carlos Ruiz - globalqss
+ */
+public class AddAuthorizationProcess extends org.compiere.process.AddAuthorizationProcess implements IServerPushCallback {
+
+	/**
+	 * Post process to register the server push callback
+	 */
+	@Override
+	protected void postProcess(boolean success) {
+		if (success) {
+			Desktop desktop = AEnv.getDesktop();
+			ServerPushTemplate template = new ServerPushTemplate(desktop);
+			template.executeAsync(this);
+		}
+	}
+
+	/**
+	 * Open the authorization form when updating the UI on server push callback
+	 */
+	@Override
+	public void updateUI() {
+		if (p_Auth_OpenPopup) {
+			ADForm form = SessionManager.getAppDesktop().openForm(SystemIDs.FORM_ADD_AUTHORIZATION);
+			if (form instanceof AddAuthorizationForm) {
+				((AddAuthorizationForm)form).buildClientPopupAndListener(f_authURL, getAD_PInstance_ID());
+			}
+		}
+	}
+
+}	//	AddAuthorizationProcess